November 12, 2024 at 10:29AM The joint Cybersecurity Advisory highlights increased exploitation of zero-day vulnerabilities in 2023 by malicious cyber actors compared to 2022, urging vendors and end-users to adopt security measures. Recommendations include implementing secure software development practices and timely patch management to mitigate risks associated with routinely exploited vulnerabilities. ### Meeting Takeaways #### … Read more
November 11, 2024 at 04:49PM Threat actors are using a modified Remcos RAT to exploit a Microsoft Windows vulnerability via phishing emails. The malware utilizes multiple script languages to evade detection and installs itself through a complex process. Experts emphasize the need for patch management, employee training, and endpoint protection as critical defenses against such … Read more
November 6, 2024 at 10:08AM Cross-domain threats have surged, exploiting identity, cloud, and endpoint vulnerabilities with minimal detection footprints. Notable adversaries like Scattered Spider and North Korea’s Famous Chollima utilize stolen credentials and sophisticated phishing to conduct attacks. Defending against these requires integrated visibility, real-time threat hunting, and advanced identity protection measures to prevent breaches. … Read more
November 5, 2024 at 05:34PM Securonix identified a novel cyberattack campaign, CRON#TRAP, where attackers use an emulated Linux environment to stage malware undetected. This technique, utilizing QEMU and Tiny Core Linux, allows covert data harvesting. Targeting North America, the campaign highlights the need for stronger phishing defenses and endpoint monitoring by organizations. ### Meeting Takeaways … Read more
November 4, 2024 at 06:26PM Artificial intelligence (AI) and machine learning (ML) are increasingly adopted in cybersecurity, enhancing tools like firewalls and antivirus systems. A Dark Reading survey found significant use in phishing detection and threat response. While many use AI/ML, adoption in areas like fraud detection and user behavior analytics remains developing. **Meeting Takeaways: … Read more
October 28, 2024 at 05:51PM Windows 11 systems, even when fully patched, can be compromised through a technique demonstrated by SafeBreach’s Alon Leviev. His Windows Downdate tool allows attackers with admin access to downgrade critical OS components back to vulnerable versions, exposing systems to potential rootkit installation and exploitation. Microsoft is developing mitigations to address … Read more
October 27, 2024 at 05:47PM Fog and Akira ransomware operators are exploiting a critical vulnerability in SonicWall VPN accounts, leading to at least 30 network intrusions. Most cases involve Akira, with shared infrastructure indicating collaboration. Organizations lacked multi-factor authentication and used unpatched versions of SonicOS, resulting in rapid data encryption and theft following initial access. … Read more
October 16, 2024 at 12:30PM Threat actors are exploiting the open-source EDRSilencer tool to evade endpoint detection and response (EDR) solutions. Trend Micro reports that EDRSilencer blocks the outbound traffic of various EDR processes, aiding malicious activities by rendering security software ineffective. This trend highlights the increasing use of advanced tools to circumvent security measures. … Read more
October 15, 2024 at 02:48PM EDRSilencer, an open-source tool, is being used by attackers to mute alerts from Endpoint Detection and Response (EDR) tools, enabling cyber threats to go undetected. Trend Micro reports it can block multiple EDR products, urging the adoption of multi-layered security measures to counteract this tool’s capabilities. **Meeting Takeaways: EDRSilencer and … Read more
October 15, 2024 at 04:05AM Trend Micro’s Threat Hunting Team identified EDRSilencer, a tool designed to block endpoint detection and response (EDR) solutions, enhancing malware stealth by disrupting telemetry transmission. This enables threat actors to evade detection, complicating the identification of malware. Organizations are urged to strengthen security measures and monitor for this evolving threat. … Read more