Weekly Ransomware Roundup

Oct 30 - Nov 3, 2023

FIRST Announces CVSS 4.0: Enhancing Vulnerability Assessment Precision

FIRST officially introduces CVSS v4.0, a major upgrade after more than eight years since CVSS v3.0. Addressing criticisms of granularity and representation, it introduces supplemental metrics like Safety, Automatable, and Recovery. The new nomenclature system includes Base, Threat, Environmental, and their combinations, emphasizing that CVSS is more than just the Base score. This evolution will give unparalleled fidelity in vulnerability assessment and will contribute to more effective risk mitigation strategies. Read more

HelloKitty Ransomware Exploits Apache ActiveMQ Vulnerability

A critical flaw (CVE-2023-46604) in Apache ActiveMQ exposes a pathway for remote code execution, recently exploited by HelloKitty ransomware. The flaw, rated 10.0 on the CVSS scale, allows arbitrary shell command execution. Vulnerable versions include 5.8.0 to 5.18.0, affecting 3,326 instances globally. Successful exploitation enables loading remote binaries, triggering a ransomware-like process. Patched versions (5.15.16, 5.16.7, 5.17.6, 5.18.3) were released last month. Read more

MuddyWater Unleashes Advanced Spear-Phishing Tactics on Israel

MuddyWater executed a sophisticated spear-phishing campaign against Israeli entities, deploying N-able’s Advanced Monitoring Agent. MuddyWater, linked to Iran’s Ministry of Intelligence and Security, has a history dating back to 2017, consistently evolving its spear-phishing tactics. The recent campaign introduced a multi-stage infection vector through Storyblok, featuring hidden files and LNK files. Read more

North Korean Hackers Deploy KANDYKORN Malware Against Crypto Professionals

Lazarus Group is targeting blockchain engineers on a crypto exchange using sophisticated macOS malware, KANDYKORN. Employing social engineering on Discord, they impersonate engineers, enticing victims to download a ZIP archive disguised as a cryptocurrency arbitrage bot. The attack involves multiple stages, utilizing Python scripts hosted on Google Drive, leading to KANDYKORN deployment. The malware, featuring advanced capabilities like reflective loading and execution flow hijacking, serves as a full-featured Remote Access Trojan. Read more


Trigona Ransomware: What is it and How to Defend Against it

Amid the evolving digital threats, Trigona ransomware emerges as a formidable adversary. This blog explores its origins, characteristics, and impact, providing actionable strategies for preparation and mitigation. Prioritize defense with measures like air-gapped backups and multi-factor authentication to safeguard against Trigona and fortify your cybersecurity. Stay informed, stay secure. Read more

Turla Enhances Kazuar Backdoor with Sophisticated Anti-Analysis Features

Palo Alto Networks Unit 42 uncovers a revamped Kazuar second-stage backdoor with a focus on stealth and anti-analysis tactics. The code emphasizes advanced encryption and obfuscation, showcasing the maturity of the threat actor. The report details Kazuar's multithreading model, expanded command set, and proxy capabilities, which use named pipes for peer-to-peer communication, as well as its adaptive anti-analysis features, including dormancy while under scrutiny. Read more

Promo
Upgrade VMware Cluster with 98TB Air-Gapped and Immutable Appliance for $9,995

Secure your critical VMware cluster environments with a 98TB ransomware-proof air-gapped and immutable appliance with built-in S3 object lockdown and File Lock for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.
