
Weekly Ransomware Roundup: Oct 23 - 27, 2023

Okta Support System Compromised: Customer Data Exposed to Unknown Threat Actors

Okta suffered unauthorized access when threat actors used stolen credentials to breach its customer support system, exposing certain customer files, including sensitive HTTP Archive (HAR) files that customers had uploaded to support tickets. Confirmed targets BeyondTrust and Cloudflare detailed the attacks, with Cloudflare reporting that a session token was hijacked from a HAR file attached to a support ticket. BeyondTrust notified Okta of the breach on October 2, 2023; the intrusion continued until at least October 18, 2023. Read more
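The practical lesson from the HAR-file exposure above is that a browser's HAR capture records every request header and cookie, session tokens included, so a capture should be scrubbed before it is attached to any support ticket. The following sanitizer is an added example written for this roundup, not code from the page, from Okta, or from the affected customers; the sample HAR, hostnames, and token values are constructed, and the header list (Authorization, Cookie, Set-Cookie, Proxy-Authorization, X-API-Key) is an assumed starting set that a team would extend for its own applications.

```python
import copy
import json

# Constructed sample HAR (HAR 1.2 layout). Hostnames and token values are placeholders.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example-tenant.invalid/api/v1/users/me",
                    "headers": [
                        {"name": "Authorization", "value": "Bearer placeholder.jwt.value"},
                        {"name": "Cookie", "value": "sid=PLACEHOLDERSID; JSESSIONID=PLACEHOLDER"},
                        {"name": "Accept", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "PLACEHOLDERSID"}],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "sid=PLACEHOLDERSID; Path=/; HttpOnly"},
                        {"name": "Content-Type", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "PLACEHOLDERSID"}],
                },
            }
        ],
    }
}

# Assumed set of headers that carry credentials; compared case-insensitively.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "proxy-authorization", "x-api-key"}
REDACTED = "[REDACTED]"


def find_leaks(har):
    """List (entry_index, side, item) for every credential-bearing value still present.

    Covers both the flat header list and the parsed cookies array that HAR keeps
    for requests and responses. An empty list means the capture is safe to share
    with respect to the headers above.
    """
    leaks = []
    for i, entry in enumerate(har.get("log", {}).get("entries", [])):
        for side in ("request", "response"):
            part = entry.get(side, {})
            for header in part.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS and header.get("value") != REDACTED:
                    leaks.append((i, side, header["name"]))
            for cookie in part.get("cookies", []):
                if cookie.get("value") not in (None, REDACTED):
                    leaks.append((i, side, "cookie:" + cookie.get("name", "")))
    return leaks


def sanitize_har(har):
    """Return (sanitized deep copy, number of values redacted); the input is not modified."""
    out = copy.deepcopy(har)
    count = 0
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            part = entry.get(side, {})
            for header in part.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
                    count += 1
            for cookie in part.get("cookies", []):
                if "value" in cookie:
                    cookie["value"] = REDACTED
                    count += 1
    return out, count


def sanitize_har_text(text):
    """Sanitize a HAR file given as JSON text and return the scrubbed JSON text."""
    sanitized, _ = sanitize_har(json.loads(text))
    return json.dumps(sanitized, indent=2)


if __name__ == "__main__":
    print("leaks before:", find_leaks(SAMPLE_HAR))
    clean, n = sanitize_har(SAMPLE_HAR)
    print("redacted values:", n, "leaks after:", find_leaks(clean))
```

Run `find_leaks` as a pre-upload gate (for example in a helpdesk portal or a pre-commit style wrapper around the support tooling): a non-empty result blocks the upload until `sanitize_har_text` has been applied. Redacting the `cookies` arrays as well as the `Cookie`/`Set-Cookie` headers matters because HAR stores the same session identifier in both places.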

Cisco Devices Hacked with Modified Backdoor for Stealthy Operations

Cisco devices face a critical threat as threat actors adapt tactics to evade detection. The Fox-IT team discovered a modified backdoor in Cisco devices, making it nearly invisible without the correct Authorization HTTP header. Exploiting CVE-2023-20198 and CVE-2023-20273, the attacks create an exploit chain, granting unauthorized access. Cisco responded with security updates, but the elusive threat actor complicates the assessment and thousands of devices may still be compromised. Read more

City of Philadelphia Faces Scrutiny Over Delayed Data Breach Disclosure

Philadelphia is under investigation for a data breach discovered in May, where attackers accessed city email accounts until July. Compromised data includes personal and health information. The city is conducting a review, pledging to notify affected individuals. Officials advise caution against fraud and identity theft, urging vigilance and prompt reporting of suspicious activity. The method of breach and reasons for delay remain undisclosed. Read more

Operation Triangulation: Security Experts Unveil In-Depth Analysis of iOS Zero-Day Attack Techniques

Operation Triangulation, a sophisticated attack on Apple iOS devices, used the TriangleDB implant and leveraged two zero-day exploits in iMessage (CVE-2023-32434 and CVE-2023-32435). The operation included concealment techniques, validator stages, and a zero-click exploit chain delivered through an invisible iMessage attachment. The TriangleDB implant displayed advanced capabilities, communicating with a command-and-control server, evading forensic analysis, and employing unique features such as a screen-aware microphone-recording module and GSM-based location monitoring. Read more

Lockbit Ransomware: Inside the Cyberthreat and Defense Strategies

Stay ahead of the digital threat landscape! Dive into this blog dissecting LockBit ransomware—a potent force targeting major enterprises. Understand its origins, how it operates, and the impact it can have on organizations. Learn strategies to mitigate the risks and arm your organization with knowledge and resilience against the evolving menace of LockBit ransomware. Read more

Security Flaw in NextGen’s Mirth Connect Exposes Healthcare Data

Users of Mirth Connect, NextGen Healthcare's data integration platform, must update to version 4.4.1 because of a critical unauthenticated remote code execution vulnerability (CVE-2023-43208). The flaw poses a significant threat and can compromise healthcare data. Technical details are being withheld, but it has been revealed as a patch bypass for CVE-2023-37679, affecting Mirth Connect versions dating back to 2015/2016. All instances, not just servers running Java 8, are vulnerable and must be updated, especially publicly accessible systems. Read more

Promo
98TB Commvault Immutable & Air-Gapped Backup & DR appliance $9,995

98TB fully air-gapped and immutable Commvault backup and disaster recovery (DR) appliance with Object Lockdown Technology for Ransomware protection for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.

Weekly Ransomware Roundup: Oct 16 - 20, 2023

D-Link Confirms Breach After Employee Falls Victim to Phishing Attack

D-Link, a major Taiwanese networking equipment manufacturer, suffered a security breach following a phishing attack, exposing customer and employee data along with source code for D-Link's D-View software. The breach involved an outdated system in a "test lab environment." The attacker claimed to hold millions of records, while D-Link disputed this and reported around 700 outdated records. Read more

Critical Flaw Discovered in Cisco’s IOS XE Software

Cisco has disclosed a severe zero-day vulnerability (CVE-2023-20198) in its IOS XE software. With a CVSS score of 10.0, the flaw affects enterprise gear with an internet-exposed Web UI, enabling remote attackers to create privileged accounts. Malicious activity detected between September 18 and October 1 revealed an authorized user creating a suspicious account. Another incident on October 12 involved an unauthorized user deploying a Lua-based implant. While attribution is unclear, CISA has issued an advisory and added the flaw to its Known Exploited Vulnerabilities catalog. Read more

Henry Schein Cyberattack Confirmed, Attackers Take Down Website

Henry Schein, a healthcare retail giant, confirmed on Oct 15, 2023 a cyberattack targeting its manufacturing and distribution businesses. After detecting the incident on Oct 14, the company took immediate action, collaborating with law enforcement and cybersecurity experts. To contain the incident, portions of its computer systems were temporarily taken offline. The website is temporarily down, and service restoration efforts are under way. While potential data compromise is under investigation, Henry Schein has said it will promptly notify affected individuals. Read more

TetrisPhantom: APAC Governments Targeted in Cyber Espionage Campaign via Secure USBs

TetrisPhantom, an espionage campaign, is targeting APAC government entities. Employing a discreet method, it strategically exploits a specific hardware-encrypted USB drive commonly used by governments. Kaspersky suspects a nation-state's involvement due to the campaign's sophistication, emphasizing the strategic focus on well-protected government networks. The unique features involve malicious modules executing commands and collecting files through USBs. Read more

CERT-UA Reports: UAC-0165 Hits 11 Ukrainian Telecom Providers with POEMGATE and POSEIDON Malware

CERT-UA has revealed in a recent report that UAC-0165 has disrupted 11 telecom providers. The attackers probed networks and identified vulnerable entry points using Dante, SOCKS5, and other proxy servers. Employing POEMGATE and POSEIDON for control and WHITECAT to cover their tracks, they gained persistent access by abusing VPNs that lacked multi-factor authentication. Read more

What Defending Against Ransomware-as-a-Service (RaaS) Entails

Ransomware has transformed into a profitable business model known as Ransomware-as-a-Service (RaaS), a dangerous collaboration between ransomware creators and distributors. This blog unravels the complexities of RaaS, examining its operations, dissecting notable incidents, and, most importantly, emphasizing the critical role of air-gapped backups and robust defense strategies as the foundation for protection against this pervasive threat. Stay informed, safeguard your data. Read more

Promo
56TB Fully Air Gapped & Immutable Veeam Backup and DR Appliance - Half price

56TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery. Last 3 Units at half price!

It is a 2U, 8-bay rackmount unit with 4x14TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 1TB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, and a 1 Year Warranty & Support with 2 hours of professional services included.

This powerful 56TB DR365V Backup and DR appliance leverages Veeam-integration using the built-in Air-Gapped network, power management controller repository and storage controller using fully automated and Veeam integrated isolation technology.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.

Weekly Ransomware Roundup: Oct 9 - 13, 2023

Lazarus Group Launders $900M in Cryptocurrency

A blockchain analytics firm reports a staggering $7 billion in cryptocurrency illicitly laundered through cross-chain crime, with the Lazarus Group implicated in $900 million of it from July 2022 to date. Moving beyond traditional money laundering methods, the group now uses chain-hopping typologies to obscure the origin of funds. Lazarus exploits cross-chain bridges, contributing to a 111% surge in funds routed through such services. Read more

Air Europa’s Data Breach Exposes Payment Card Details of Customers

Air Europa, part of the SkyTeam alliance, suffered a data breach that exposed bank card data. The breach prompted swift action from Air Europa, which secured its systems and alerted authorities. Affected customers were urged to cancel their cards to thwart potential fraud. Compromised data includes card numbers, CVV codes, and expiration dates. Crucial details, such as the number of affected customers and the breach timeline, remain undisclosed, raising concerns about the breach's full scope and the delay in remedial actions. Read more

CISA Warns of Adobe Acrobat Reader Vulnerability Allowing RCE

CISA highlighted a severe use-after-free bug (CVE-2023-21608, CVSS 7.8) in Adobe Acrobat Reader, enabling potential remote code execution. Affected versions encompass Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. To counter the risk, users are advised to update to secure versions (Acrobat DC 22.003.20310, Acrobat Reader DC 22.003.20310, Acrobat 2020 20.005.30436, Acrobat Reader 2020 20.005.30436). Read more

IZ1H9 Mirai Variant Unleashes 13 Router Exploits in DDoS Onslaught

The IZ1H9 variant of Mirai-based DDoS malware has expanded its exploits to target Linux-based routers from D-Link, Zyxel, TP-Link, and others. IZ1H9 integrates compromised devices into its DDoS swarm for orchestrated attacks and targets diverse IoT devices to construct a resilient botnet. The malware employs a range of exploits from 2015 to 2023 and exhibits a sophisticated attack chain, including payload injection and command-and-control capabilities supporting various DDoS attack types. Read more

What are Advanced Persistent Threats (APTs) and How to Stop Them

Advanced Persistent Threats (APTs) are silent invaders, capable of causing financial wreckage and tarnishing reputations. It's not an option but a vital necessity for businesses to understand and enhance data protection against these stealthy, evolving threats. Our blog simplifies the complexities of APT attacks, explores their impacts, and equips you to fortify critical systems. Arm yourself with knowledge; safeguard your business. Read more

Storm-1133 Targets Israeli Energy and Defense Sectors

Storm-1133, a Gaza-based threat actor, is targeting the Israeli energy, defense, and telecom sectors. Storm-1133 employs a blend of social engineering and fake LinkedIn profiles to infiltrate organizations, posing as Israeli professionals. It uses dynamic command-and-control infrastructure hosted on Google Drive, adapting to evade security measures, and deploys backdoors that allow its C2 infrastructure to be updated. Read more

Promo
70TB Rubrik Air-Gapped & Immutable Backup & DR appliance $7,995

70TB Rubrik Air-gapped & Immutable Backup and DR appliance expandable up to 4PB with Object Lockdown Technology for Ransomware protection for $7,995.

8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.

For demos and details, contact us.

Weekly Ransomware Roundup: Oct 02 - 06, 2023

Iranian APT Group OilRig Adopts Menorah Malware for Cyberespionage

A spear-phishing campaign led by OilRig is conducting covert intelligence operations. The attack features a new espionage-focused malware, Menorah, with machine identification and file manipulation capabilities. The Menorah infection chain involves scheduled tasks and dropping the executable "Menorah.exe" to contact a remote server. OilRig continues to evolve, also using the SideTwist malware for persistence and adapting to neutralize countermeasures. Read more

PyTorch Models Vulnerable to Remote Code Execution via ShellTorch: AWS Advisory

Experts have unveiled critical flaws in the TorchServe tool, collectively dubbed ShellTorch, that allow remote code execution on affected systems. The vulnerabilities include an unauthenticated API misconfiguration, a severe SSRF flaw (CVE-2023-43654), and an insecure use of the SnakeYAML library (CVE-2022-1471). Exploiting these could lead to unauthorized access, arbitrary code execution, and complete server takeover. AWS issued an advisory urging immediate TorchServe updates for users of the specified PyTorch inference DLC versions. Read more

Dual Ransomware Strikes on U.S. Corporations: FBI Issues Advisory

The FBI has issued a warning about the rise of dual ransomware attacks targeting U.S. companies. Cybercriminals employ a blend of variants such as AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, maximizing impact through varied combinations. The second attack follows the first within 48 hours to 10 days, adding complexity for defenders. Evolving tactics involve custom data theft, wiper tools, and malware to put pressure on victims. Read more

Silent Skimmer Campaign Targets Global Payment Platforms

Silent Skimmer targets online payment businesses across Asia Pacific, North America, and Latin America. The victims include online businesses and point-of-sale providers. The campaign exploits web application vulnerabilities, compromising payment checkout pages to stealthily collect sensitive payment data. After initial infiltration, the threat actors use open-source tools and LOLBins (living-off-the-land binaries), deploying a PowerShell-based RAT for control. Read more

Remote Code Execution (RCE) Attack and Vulnerabilities: Complete Overview

In an increasingly interconnected digital landscape, the specter of Remote Code Execution (RCE) attacks looms large, posing a significant threat to the security of IT systems. Understand the complexities surrounding RCE vulnerabilities, reading this comprehensive overview that equips you with practical insights to fortify your defense mechanisms against RCE and discover effective strategies to safeguard your digital domains. Read more

Guyana Government Faces DinodasRAT in Espionage Operation ‘Jacana’

Researchers have uncovered Operation Jacana, a cyber-espionage campaign targeting a Guyanese governmental entity. The attack employed a spear-phishing tactic featuring a novel C++ implant named DinodasRAT. The campaign started with deceptive emails referencing a Guyanese fugitive in Vietnam, leading victims to a compromised Vietnamese governmental domain. DinodasRAT, using the Tiny Encryption Algorithm, exfiltrated data, manipulated the registry, and executed commands. Read more

Promo
Immutable & Air-Gapped Veeam Cloud Backup, DR, Replication, Spin-up in the cloud $10 Per TB

Veeam Cloud Immutable Backup & DR with built-in automated policy-based Air-Gap technology, Spin-up in the cloud for FastTrack Recovery, and Enterprise-level Ransomware protection starting at $10/TB per month.

Immutable or regular cloud Storage for Backup, Archive Documents, Images, and Videos, just like OneDrive; share and archive unstructured data starting at $5/TB per month.

24/7 Smart Protect plan available for your complete support needs. Pay month-to-month, no long-term contract. All Datacenters are Certified for CJIS, HIPAA, SOC 2, ISO 27001, and PCI-DSS.

For demos and details, contact us.
