Security News > 2022 > June

A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked CVE-2022-30190. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "Seller-notification[.]live."

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up.

Nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months. The most common types of confidential and sensitive information lost or intentionally stolen include: customer information, intellectual property, and consumer information.

In this interview with Help Net Security, Paige Hanson, Chief of Cyber Safety Education at NortonLifeLock, talks about the risks posed by medical ID theft, the repercussions of such criminal activity, and what people as well as organizations can do to protect valuable medical information. Even more worrisome than the possible financial cost of medical identity theft is the potential risk it poses of mingling an identity thief's health information with your own.

Darktrace AI interrupts in-progress cyber-attacks in seconds, including ransomware, email phishing, and threats to cloud environments and critical infrastructure. In this Help Net Security video, Justin Fier, VP Tactical Risk and Response at Darktrace, provides an overview of the Darktrace Cyber AI Research Centre, discusses AI trends, and showcases how Darktrace can help organizations strengthen their cybersecurity posture.

Zscaler released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year. In 2022, the most prevalent ransomware trends include double-extortion, supply chain attacks, ransomware-as-a-service, ransomware rebranding, and geo-political incited ransomware attacks.

Adversaries, motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, are stepping up attacks against software build and distribution environments. "Digital transformation has made every business a software developer. And as a result, software development environments have become huge target for attackers," said Kevin Bocek, VP of threat intelligence and business development for Venafi.

Stop significant B2B or B2C information sharing problems with a tailored approach to encryption. The security of our data is, without question, at the top of any enterprise's priority list.

IBM has expanded its extensive cybersecurity portfolio by acquiring Randori - a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets. Its plan is to give the computing behemoth's customers a tool to manage their security posture by looking at their infrastructure from a threat actor's point-of-view - a position IBM hopes will allow users to identify unseen weaknesses.

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs. "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit.