Security News

Bluefield University is a small private university in Bluefield, Virginia, with roughly 900 students. The incident took a nasty turn on May 1st, 2023, with the Avos threat actors still having access to the University's RamAlert system, an emergency alert system used to warn students and staff via email and text of campus emergencies or threats.

According to news reports, the FBI had successfully purchased a portion of the data - which included social security numbers and other sensitive information - on the dark web. As malicious software like "Info Stealer" gains more traction among cybercriminals, the dark web is still full of stories, tactics, and tips for using traditional cybercrime tools like ransomware, Trojan, Spyware, adware, and more.

Insider attacks such as fraud, sabotage, and data theft plague 71% of U.S. businesses, according to Capterra. According to Capterra's research, companies that allow excessive data access are much more likely to report insider attacks.

A Vietnamese threat actor has been attributed as behind a "Malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats.

Threat actor APT28 is exploiting an old vulnerability in Cisco routers using Simple Network Management Protocol versions 1, 2c and 3 to target the U.S., Europe and Ukraine. The advisory states that in 2021, APT28 used malware to exploit an SNMP vulnerability, known as CVE-2017-6742, that was reported and patched on June 29, 2017, by Cisco.

At the RSA Conference, IBM launched a platform-centric expansion to its QRadar security product, designed as a one-stop shop to accelerate response and offer a unified framework for security operations centers. "Today's Security Operation Center teams are protecting a fast-expanding digital footprint that extends across hybrid cloud environments - creating complexity and making it hard to keep pace with accelerating attack speeds," according to IBM, which also said the products are specifically meant to help buttress security operations center teams facing labor-intensive alert investigations and response processes, manual analysis and the proliferation of tools, data, points of engagement, APIs and other potential vulnerabilities.

Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape.Users, like with Microsoft's GPT-4-based Security Copilot, can "Conversationally search, analyze, and investigate security data" with an aim to reduce mean time-to-respond as well as quickly determine the full scope of events.

"M-Trends 2023 makes it clear that, while our industry is getting better at cybersecurity, we are combating ever evolving and increasingly sophisticated adversaries. Several trends we saw in 2021 continued in 2022, such as an increasing number of new malware families as well as rising cyber espionage from nation-state-backed actors," said Jurgen Kutscher, VP, Mandiant Consulting at Google Cloud. "As a result, organizations must remain diligent and continue to enhance their cyber security posture with modern cyber defense capabilities. Ongoing validation of cyber resilience against these latest threats and testing of overall response capabilities are equally critical," added Kutscher.

Ransomware attacks have spiked, according to the NCC Group's Global Threat Intelligence Team. In its monthly threat report, NCC Group reported a 91% increase in ransomware attacks in March versus February and a 62% increase versus the month last year - the highest number of monthly ransomware attacks the group has ever measured.

Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot. "Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address," Redmond wrote earlier about Defender Threat Intelligence, aka Defender TI. "DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise, but these repositories are widely distributed and don't always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure."