
Cybersecurity

Beyond Just the Known Exploited Vulnerabilities to the Vulnerabilities Threat Actors are Routinely Exploiting

On April 27, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom published a joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A). As in prior years, this joint effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor.

Threat Awareness - SocGholish and Zloader

A new threat analysis report from Cybereason examines the threat posed by two malware strains, SocGholish and Zloader, that masquerade as legitimate software updates and installers. From December 2021 to now, Cybereason researchers have observed an increase in the number of attacks involving SocGholish and Zloader. First, SocGholish is a JavaScript-based malware that poses as a legitimate browser update delivered to victims via compromised websites and establishes an initial foothold on a victim’s network before deploying ransomware or conducting other malicious activity.

Security Awareness – Organizations Continue to Fall Victim to Email Phishing Attacks

Email-borne cyber threats remain one of the most prevalent avenues for threat actors to target organizations and are thus a major headache for companies. A new report from Cyren and Osterman Research found that companies are spending an average of 3,850 hours per year responding to compromises caused by email-borne attacks. The most common breach vector the study found was compromised Office 365 login credentials. Email-based account compromise can lead to financial scams, business email compromise (BEC), and the deployment of ransomware.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - April 26, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

FBI FLASH - BlackCat/ALPHV Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with BlackCat/ALPHV ransomware. The FLASH notes that BlackCat/ALPHV threat actors operate as a ransomware-as-a-service (RaaS) organization and since March 2022 have compromised at least 60 entities worldwide. The group is reportedly the first successful ransomware entity to employ the Rust programming language, which is considered to be more secure.

Joint Cybersecurity Advisory – Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) (AA22-110A) to warn organizations of the potential for increased Russian malicious cyber activity as a response to the unprecedented economic costs imposed on Russia as well as the materiel support provided by the U.S. and its allies and partners. Members are encouraged to review the advisory and immediately take action to protect against and mitigate this activity.

Security Awareness – Social Media Among Top Brands Impersonated in Phishing Attacks

Phishing attacks continue to be one of the most common entry vectors for threat actors. Brand impersonation attacks, in which adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and a webpage designed like the actual site, remain one of the most pernicious forms of phishing. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the first quarter of 2022.
