Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

October 14, 2024 at 04:50AM Water Makara has been employing Astaroth banking malware in a spear phishing campaign targeting Latin American companies, particularly in Brazil. Malicious emails often imitate standard tax documents to deceive recipients into downloading infected attachments. Trend Micro highlights the need for increased security awareness and protective measures against evolving phishing threats. …

Walking the Tightrope Between Innovation & Risk

October 10, 2024 at 12:02PM The July CrowdStrike incident highlights the risks associated with deploying security technologies. CISOs should focus on “secure innovation,” fostering a culture of security throughout the organization. Engaging employees and ensuring vendor security are crucial for maintaining operational stability while promoting innovation. Collaboration is key to balancing risk and progress. …

The Perils of Ignoring Cybersecurity Basics

October 8, 2024 at 02:17PM CrowdStrike’s software update caused 8 million Windows devices to go offline, impacting hospitals, airlines, payment platforms, and emergency services. The issue stemmed from poor patch management and violated risk management policies. Experts recommend staged rollout of patches and diversifying operating systems to mitigate vulnerabilities, and note potential implications for cyber …

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

October 3, 2024 at 02:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are …

macOS Sequoia change breaks networking for VPN, antivirus software

September 20, 2024 at 11:47AM Users of macOS 15 ‘Sequoia’ are experiencing network connection errors when using certain EDR or VPN solutions and web browsers. Issues are resolved when these tools are deactivated, indicating network stack incompatibility. Some products advised against upgrading to macOS 15 due to networking structure changes. Temporary solutions and advisories have …

‘Void Banshee’ Exploits Second Microsoft Zero-Day

September 16, 2024 at 06:11PM Microsoft disclosed a zero-day vulnerability, CVE-2024-43461, in its legacy MSHTML browser engine affecting all supported Windows versions. Remote attackers can exploit it to execute arbitrary code, requiring a victim to visit a malicious site. This flaw, part of an attack chain with CVE-2024-38112, was exploited by the “Void Banshee” group. …

Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure

September 13, 2024 at 10:02AM Operational resilience is crucial in the interconnected IT infrastructure, with hardware and firmware threats often overlooked. Global efforts, such as the US Executive Order and EU directives, aim to fortify supply chain security. Organizations face growing concerns over state-sponsored hardware and firmware threats, requiring a shift towards proactive endpoint security …

How to Establish & Enhance Endpoint Security

September 9, 2024 at 10:02AM Endpoint security is crucial due to the diverse and evolving attack surface of devices. Security teams must focus on baseline security, Endpoint Detection and Response (EDR), Automated Moving Target Defense (AMTD), and Mobile Threat Defense (MTD) to establish and enhance endpoint security. These tools are essential for addressing the increasing …

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

September 4, 2024 at 10:37AM The Cicada3301 ransomware, linked to at least 20 victims since June, shares similarities with BlackCat ransomware. It’s coded in Rust and targets Windows’ Volume Snapshot Service, manipulating the shadow copies. The malware also embeds user credentials and customizes ransom notes per victim. Its detection capabilities and targets, primarily SMBs, are …

Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

September 3, 2024 at 02:43PM Cybercriminals are posing as sellers of GlobalProtect VPN software from Palo Alto Networks and spreading a new variant of WikiLoader malware through SEO poisoning. The malware, known as WailingCrab, is traditionally spread through phishing and compromised websites. This campaign, discovered by Palo Alto’s Unit 42 team, has targeted US higher …