Security News

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
2023-06-22 16:58

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. The multi-stage attack chain commences when an email recipient clicks the embedded link pointing to a password-protected ZIP file hosted on Microsoft OneDrive with the password "12345."

Remote work and the cloud create new endpoint security challenges
2023-06-21 20:54

The Syxsense Synergy event last week featured a range of analysts, end users and company spokespeople with a central theme of the convergence of endpoint management and security - two areas that have traditionally remained apart. "That's why there is a growing need for the convergence of the security and endpoint management groups within organizations to address attack surface management, vulnerability protection and automated remediation."

New RDStealer malware steals from drives shared over Remote Desktop
2023-06-20 13:00

A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared through Remote Desktop connections. The Remote Desktop Protocol is a proprietary Microsoft protocol that allows users to remotely connect to Windows desktops and use them as if they were in front of the computer.

Navigating cybersecurity in the age of remote work
2023-06-01 04:30

We'll examine the impact of the shifting role of data centers on network strategies, the implementation of a zero-trust security framework, and how 5G networks might further decentralize workplaces. Historically businesses have relied on remote access VPNs to allow remote employees to access applications and services on their corporate network.

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
2023-05-29 09:50

Linux routers in Japan are the target of a new Golang remote access trojan called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center said in a report published today. The compromise of an internet-exposed router is followed by the deployment of a loader script that acts as a conduit for delivering GobRAT, which, when launched, masquerades as the Apache daemon process to evade detection.

Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
2023-05-18 05:18

Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service condition. Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system, making them critical in nature.

'Strictly limit' remote desktop – unless you like catching BianLian ransomware
2023-05-17 20:32

The FBI and friends have warned organizations to "Strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and the ransomware gang's extortion attempts that follow the data encryption. BianLian typically gains access to victims' Windows systems via Remote Desktop Protocol credentials - hence the advice to shore up RDP security - and then uses software tools and command-line scripting to find and steal more credentials and snoop through the network and its files.

Malicious Microsoft VSCode extensions steal passwords, open remote shells
2023-05-17 16:37

Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. According to Check Point, whose analysts discovered the malicious extensions and reported them to Microsoft, the malware enabled the threat actors to steal credentials, system information, and establish a remote shell on the victim's machine.

Cyolo Product Overview: Secure Remote Access to All Environments
2023-05-16 11:43

In an effort to solve the access-related challenges facing OT and critical infrastructure operators, the team at Cyolo built a zero-trust access platform designed to meet the unique safety, security, and uptime requirements of OT and industrial control systems environments. Let's look under the hood: The Cyolo solution is a high-powered combination of Zero Trust Network Access, Identity Provider, and Privileged Access Management.

Some potential: How bad software updates could over-volt, brick remote servers
2023-05-15 18:39

Presenting at Black Hat Asia 2023, an infosec researcher detailed how remote updates can be exploited to modify voltage on a Supermicro motherboard and remotely brick machines. Voltpillager was not a remote attack and required physical proximity, such as a rogue employee, so was limited in threat scope.