Security News

How 2022’s threats will impact the global landscape in 2023
2023-05-09 03:30

In this report, the Elastic Security team highlights how they've noticed a slight increase in Linux binaries with the capability to leverage a proxy for potential command and control purposes. When targeting Linux endpoints, adversary playbooks often include using a backdoor binary, as previously discussed, followed by installing a proxy server for command and control.

How to Set Up a Threat Hunting and Threat Intelligence Program
2023-05-08 11:49

Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program.

Ransomware gang hijacks university alert system to issue threats
2023-05-04 15:21

Bluefield University is a small private university in Bluefield, Virginia, with roughly 900 students. The incident took a nasty turn on May 1st, 2023, with the Avos threat actors still having access to the University's RamAlert system, an emergency alert system used to warn students and staff via email and text of campus emergencies or threats.

Why the Things You Don't Know about the Dark Web May Be Your Biggest Cybersecurity Threat
2023-05-04 11:15

According to news reports, the FBI had successfully purchased a portion of the data - which included social security numbers and other sensitive information - on the dark web. As malicious software like "Info Stealer" gains more traction among cybercriminals, the dark web is still full of stories, tactics, and tips for using traditional cybercrime tools like ransomware, Trojans, spyware, adware, and more.

The costly threat that many businesses fail to address
2023-05-02 03:30

Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra. According to Capterra's research, companies that allow excessive data access are much more likely to report insider attacks.

Vietnamese Threat Actor Infects 500,000 Devices Using 'Malverposting' Tactics
2023-05-01 09:17

A Vietnamese threat actor has been identified as being behind a "Malverposting" campaign on social media platforms that has infected over 500,000 devices worldwide over the past three months, delivering variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats.

Threat actor APT28 targets Cisco routers with an old vulnerability
2023-04-28 16:36

Threat actor APT28 is exploiting an old vulnerability in Cisco routers using Simple Network Management Protocol versions 1, 2c and 3 to target the U.S., Europe and Ukraine. The advisory states that in 2021, APT28 used malware to exploit an SNMP vulnerability, known as CVE-2017-6742, that was reported and patched on June 29, 2017, by Cisco.

IBM launches QRadar Security Suite for accelerated threat detection and response
2023-04-26 22:37

At the RSA Conference, IBM launched a platform-centric expansion to its QRadar security product, designed as a one-stop shop to accelerate response and offer a unified framework for security operations centers. "Today's Security Operation Center teams are protecting a fast-expanding digital footprint that extends across hybrid cloud environments - creating complexity and making it hard to keep pace with accelerating attack speeds," according to IBM, which also said the products are specifically meant to help buttress security operations center teams facing labor-intensive alert investigations and response processes, manual analysis and the proliferation of tools, data, points of engagement, APIs and other potential vulnerabilities.

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
2023-04-25 10:39

Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench, which leverages generative AI models to gain better visibility into the threat landscape. As with Microsoft's GPT-4-based Security Copilot, users can "conversationally search, analyze, and investigate security data" with the aim of reducing mean time-to-respond and quickly determining the full scope of events.

Organizations are stepping up their game against cyber threats
2023-04-24 13:33

"M-Trends 2023 makes it clear that, while our industry is getting better at cybersecurity, we are combating ever evolving and increasingly sophisticated adversaries. Several trends we saw in 2021 continued in 2022, such as an increasing number of new malware families as well as rising cyber espionage from nation-state-backed actors," said Jurgen Kutscher, VP, Mandiant Consulting at Google Cloud. "As a result, organizations must remain diligent and continue to enhance their cyber security posture with modern cyber defense capabilities. Ongoing validation of cyber resilience against these latest threats and testing of overall response capabilities are equally critical," added Kutscher.