‘Midnight Blizzard’ Targets Networks With Signed RDP Files

October 30, 2024 at 06:26PM Midnight Blizzard, a Russian-linked threat group, is executing a vast campaign using spear-phishing emails with signed Remote Desktop Protocol (RDP) files to compromise systems and harvest credentials. Targeting over 100 organizations, this tactic evades security measures, prompting Microsoft to recommend enhanced email security and multifactor authentication measures. **Meeting Takeaways:** 1. …

Russia’s APT29 Mimics AWS to Steal Windows Credentials

October 25, 2024 at 04:29PM APT29, a notorious Russian cyber threat group, has targeted military, government, and private sectors through phishing campaigns. They recently aimed to steal Windows credentials by disguising emails as AWS communications. Experts advise blocking RDP files at email gateways and monitoring outgoing connections to thwart future attacks. **Meeting Takeaways: APT29 Phishing …

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

October 25, 2024 at 12:44PM Amazon has seized domains utilized by the Russian hacking group APT29, known for sophisticated cyber-espionage targeting government entities. The phishing campaign aimed to steal Windows credentials via deceptive RDP files masquerading as AWS domains. Amazon clarified it and its cloud services were not direct targets of these attacks. **Meeting Takeaways: …

Microsoft fixes Remote Desktop issues caused by Windows Server update

October 8, 2024 at 03:10PM Microsoft’s October 2024 Patch Tuesday addresses a known issue in Windows servers disrupting Remote Desktop connections post-July security updates. It may affect legacy protocol usage. Temporary fixes include firewall customization and registry edits. Notably, this follows previous instances of connectivity problems after security updates. The update addresses 118 vulnerabilities, including …

North Korean Hackers Target Developers with Malicious npm Packages

August 30, 2024 at 02:42AM Threat actors linked to North Korea are targeting developers with malware to steal cryptocurrency assets. The campaign involves publishing malicious packages to the npm registry. The attackers use various tactics, including fake job interviews and obfuscated JavaScript, to deploy malware and exfiltrate sensitive data. CrowdStrike has linked the group to …

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

June 5, 2024 at 07:01AM RansomHub, a new ransomware strain, has been identified as a rebranded version of Knight ransomware. It employs double extortion tactics and targets various platforms, using phishing campaigns for distribution. The group behind it has been linked to recent attacks and is recruiting affiliates. Ransomware activity has been on the rise, …

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

March 25, 2024 at 04:39AM Iran-affiliated threat actor MuddyWater launches a new phishing campaign targeting Israeli entities. They aim to deliver a Remote Monitoring and Management solution called Atera through malicious links in emails and PDF attachments. Another Iranian group, Lord Nemesis, breaches a software services provider, leading to a software supply chain attack on …

Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now

February 20, 2024 at 06:27AM ConnectWise released software updates to fix critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could enable remote code execution and impact confidential data or critical systems. Users of affected versions are urged to update to version 23.9.8 to mitigate the risk of exploitation. Key Takeaways …

AnyDesk Compromised, Passwords Revoked

February 5, 2024 at 04:52PM AnyDesk announced its production systems have been compromised, leading to plans for certificate revocation and password resets. The company assured that end user devices were unaffected and that it is collaborating with law enforcement agencies. AnyDesk advised customers to update passwords and confirmed that it is safe to use its …

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

February 4, 2024 at 12:19PM On Feb 3, 2024, AnyDesk reported a cyber attack, compromising its production systems. The German company revoked security certificates, urged password changes, and recommended downloading new software versions. No evidence of end-user system effects was found. Cybersecurity firm Resecurity discovered threat actors selling customer credentials for potential scams, prompting concerns …