You are here

Home » Cybersecurity

Cybersecurity

Threat Awareness – New USB Malware Variant Utilizes Novel Method of Obfuscation

Palo Alto Networks published a blog discussing research by its Unit 42 of a newly discovered variant of PlugX malware. This variant has a few unique capabilities, including the ability to hide itself within a USB using a novel technique that’s effective on the current Windows OS and that can only be detected using specialized forensic tools. It then copies all Adobe PDF and Microsoft Word files from the attached machine and spreads to any other removable drives (e.g., floppy, thumb, or flash) connected to the system.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 24, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Threat Awareness – Actors Using DocuSign Theme with a Malicious Blank Image File

Avanan posted a blog covering its research into what they are calling the “Blank Image Attack,” a newly observed technique where attackers place an empty image file within an HTML file. In the wild, Avanan researchers observed the following steps to the attack. First, the victim is prompted to download an HTML file attached to a spoofed DocuSign lure. This file only consists of a blank SVG image that contains code which automatically redirects the victim to a malicious website – giving the victim the impression that nothing happened.

Threat Awareness – Microsoft’s Default Blocking of Macros Creates Threat Actor Shift to LNK Files

Cisco Talos posted a blog covering its research into threat actor activity in the aftermath of Microsoft’s July 2022 action of blocking all VBA macros by default in documents downloaded from the internet. This action mitigated a common technique frequently used by attackers to gain access to networks and devices.

Cyber Preparedness – CISA Updates Best Practices for Mapping to MITRE ATT&CK®

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Best Practices Guide for MITRE ATT&CK® Mapping. CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. ATT&CK provides details on 100-plus threat actor groups, including the techniques and software they are known to use.

NSA Publishes Internet Protocol Version 6 (IPv6) Security Guidance

The National Security Agency (NSA) published guidance today to help the Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). “IPv6 Security Guidance” highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6 configurations and tools, and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface.

Pages

Subscribe to Cybersecurity