Attacker Hides Malicious Activity in Emulated Linux Environment

November 5, 2024 at 05:34PM Securonix identified a novel cyberattack campaign, CRON#TRAP, in which attackers use an emulated Linux environment to stage malware undetected. The technique, built on QEMU and Tiny Core Linux, allows covert data harvesting. The campaign targets North America and highlights the need for stronger phishing defenses and endpoint monitoring by organizations.

Antivirus, Anti-Malware Lead Demand for AI/ML Tools

November 4, 2024 at 06:26PM Artificial intelligence (AI) and machine learning (ML) are increasingly adopted in cybersecurity, enhancing tools like firewalls and antivirus systems. A Dark Reading survey found significant use in phishing detection and threat response. While many use AI/ML, adoption in areas like fraud detection and user behavior analytics remains developing.

Windows ‘Downdate’ Attack Reverts Patched PCs to a Vulnerable State

October 28, 2024 at 05:51PM Windows 11 systems, even when fully patched, can be compromised through a technique demonstrated by SafeBreach’s Alon Leviev. His Windows Downdate tool allows attackers with admin access to downgrade critical OS components back to vulnerable versions, exposing systems to potential rootkit installation and exploitation. Microsoft is developing mitigations to address the issue.

Fog ransomware targets SonicWall VPNs to breach corporate networks

October 27, 2024 at 05:47PM Fog and Akira ransomware operators are exploiting a critical vulnerability in SonicWall VPN accounts, leading to at least 30 network intrusions. Most cases involve Akira, with shared infrastructure indicating collaboration. Organizations lacked multi-factor authentication and used unpatched versions of SonicOS, resulting in rapid data encryption and theft following initial access.

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

October 16, 2024 at 12:30PM Threat actors are exploiting the open-source EDRSilencer tool to evade endpoint detection and response (EDR) solutions. Trend Micro reports that EDRSilencer blocks the outbound traffic of various EDR processes, aiding malicious activities by rendering security software ineffective. This trend highlights the increasing use of advanced tools to circumvent security measures.

EDRSilencer red team tool used in attacks to bypass security

October 15, 2024 at 02:48PM EDRSilencer, an open-source tool, is being used by attackers to mute alerts from Endpoint Detection and Response (EDR) tools, enabling cyber threats to go undetected. Trend Micro reports it can block multiple EDR products, and urges the adoption of multi-layered security measures to counteract this tool’s capabilities.

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

October 15, 2024 at 04:05AM Trend Micro’s Threat Hunting Team identified EDRSilencer, a tool designed to block endpoint detection and response (EDR) solutions, enhancing malware stealth by disrupting telemetry transmission. This enables threat actors to evade detection, complicating the identification of malware. Organizations are urged to strengthen security measures and monitor for this evolving threat.

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

October 14, 2024 at 04:50AM Water Makara has been employing Astaroth banking malware in a spear phishing campaign targeting Latin American companies, particularly in Brazil. Malicious emails often imitate standard tax documents to deceive recipients into downloading infected attachments. Trend Micro highlights the need for increased security awareness and protective measures against evolving phishing threats.

Walking the Tightrope Between Innovation & Risk

October 10, 2024 at 12:02PM The July CrowdStrike incident highlights the risks associated with deploying security technologies. CISOs should focus on “secure innovation,” fostering a culture of security throughout the organization. Engaging employees and ensuring vendor security are crucial for maintaining operational stability while promoting innovation. Collaboration is key to balancing risk and progress.

The Perils of Ignoring Cybersecurity Basics

October 8, 2024 at 02:17PM CrowdStrike’s software update caused 8 million Windows devices to go offline, impacting hospitals, airlines, payment platforms, and emergency services. The issue stemmed from poor patch management and violated risk management policies. Experts recommend staged rollout of patches and diversifying operating systems to mitigate vulnerabilities, and note potential implications for cyber …