
Cybersecurity

Threat Awareness - Snake Keylogger Propagates Through Malicious PDFs

Security researchers have discovered a new phishing campaign that leverages malicious PDFs and a five-year-old remote code execution (RCE) vulnerability to deliver Snake Keylogger malware to victim devices. Snake Keylogger steals credentials, victim keystrokes, screenshots of the victim’s screen, and clipboard data. In this particular campaign, victims receive an email named “Remittance Invoice” with a weaponized PDF attached. When the PDF is opened, Adobe Reader prompts them to open an embedded Word document, deceptively named “has been verified,” to trick users into opening it.

CISA’s FY21 Risk and Vulnerability Assessments – Phishing Lingers, but Use of Valid Accounts Leads Initial Access Techniques

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released its Analysis of FY21 Risk and Vulnerability Assessments, along with an infographic mapping the findings of the 112 Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2021 to the MITRE ATT&CK® Framework.

Threat Awareness – Emotet Most Active Malware of Q1 2022

The infamous Emotet malware was the most common type of malware observed in the first quarter of 2022, according to analytics from the HP Wolf Security threat research team. The researchers found a 28-fold increase in detections resulting from Emotet malicious spam campaigns compared to the fourth quarter of 2021. Emotet represents 9 percent of all malware analyzed by the researchers. The Cybersecurity and Infrastructure Security Agency (CISA) has described Emotet as one of the most destructive and costly types of malware to remediate.

Cyber Threat Actors are Creatures of Habit

From known and routinely exploited vulnerabilities to routinely exploited weak controls and practices, cyber threat actors often stick with what works and take the path of least resistance. While there are sophisticated threat groups that research vulnerabilities and develop new exploits and attack behaviors, many repeatedly use the same tactics over and over. Essentially, bad guys keep using the same methods because the same methods keep working when organizations are slow to bolster their cybersecurity postures with recommended practices such as patching and credential hardening.

FBI FLASH - Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

The FBI has published a TLP:WHITE FLASH warning that cyber actors are scraping credit card data from a U.S. business’ online checkout page and maintaining persistence on victims’ devices by injecting malicious PHP code. The FLASH indicates that since January of this year, unknown threat actors have stolen credit card data from an online U.S. business and sent the scraped data to an adversary-controlled server that spoofed a legitimate card processing server.

Establishing an Insider Threat Program

Insider threats are becoming a greater challenge for companies to deal with, and yet many companies still do not have established programs for monitoring and responding to potential insider threats. According to the cybersecurity firm Tessian, insider threat incidents increased by 47 percent between 2018 and 2020, and insiders are responsible for around 22 percent of all security incidents. Therefore, as the threat grows, companies can help mitigate potential incidents by establishing insider threat programs.
