Cybersecurity

Threat Awareness – Actors Using DocuSign Theme with a Malicious Blank Image File

Avanan posted a blog covering its research into what it is calling the “Blank Image Attack,” a newly observed technique in which attackers embed an empty image file within an HTML file. In the wild, Avanan researchers observed the attack unfold as follows. First, the victim is prompted to download an HTML file attached to a spoofed DocuSign lure. This file consists only of a blank SVG image that contains code which automatically redirects the victim to a malicious website, leaving the victim with the impression that nothing happened.

Threat Awareness – Microsoft’s Default Blocking of Macros Creates Threat Actor Shift to LNK Files

Cisco Talos posted a blog covering its research into threat actor activity following Microsoft’s July 2022 decision to block all VBA macros by default in documents downloaded from the internet. This action mitigated a technique attackers had frequently used to gain access to networks and devices.

Cyber Preparedness – CISA Updates Best Practices for Mapping to MITRE ATT&CK®

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Best Practices Guide for MITRE ATT&CK® Mapping. CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. ATT&CK provides details on 100-plus threat actor groups, including the techniques and software they are known to use.

NSA Publishes Internet Protocol Version 6 (IPv6) Security Guidance

The National Security Agency (NSA) published guidance today to help the Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). “IPv6 Security Guidance” highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6 configurations and tools, and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface.

Cyber Resilience – How Organizations Should Evolve after Implementing a Data Backup Process

Huntress has posted a blog discussing why simply having a backup process is not enough to protect an organization. Essentially, it is crucial that backups be verified and tested. Organizations need to define their recovery time objective, or how long it takes to recover from backups, and their recovery point objective, or what categories of data are necessary to back up in order to continue operations. Once these objectives are agreed upon, organizations have a metric to measure their current backup process against and see where it succeeds and fails.

Cuba Ransomware Group Joins Play Ransomware in Utilizing OWASSRF Vulnerability

Cyware has posted an alert summarizing Microsoft’s report that the Cuba ransomware group has been observed targeting vulnerable Exchange servers using a zero-day exploit known as OWASSRF, or Outlook Web Access Server-Side Request Forgery. This marks an escalation in criminal use of the exploit, as previously only the Play ransomware group had incorporated it into its operations.
