Select Page
Slide 1

Weekly

Ransomware Roundup

Sep 11 - 15, 2023

Critical GitHub Flaw Puts Over 4,000 Repositories at Risk of Repojacking

A GitHub security flaw, disclosed on March 1, 2023, can enable repojacking attacks. The vulnerability involves a race condition during repository creation and username renaming, potentially affecting over 4,000 code packages. Repojacking bypasses the "popular repository namespace retirement" safeguard, allowing attackers to upload malicious repositories and potentially launch software supply chain attacks. Read more

ALPHV Brings MGM Resorts to a Halt in Ten Minutes

Cybercriminals from the ALPHV/BlackCat ransomware group targeted MGM Resorts through a LinkedIn-based attack. This breach led to significant disruptions in guest services, with electronic payments, key cards, slot machines, and more rendered inoperable. VX-Underground revealed that the attack was executed via social engineering, targeting an MGM IT support employee. Read more

Redfly Group Compromised National Grid by Deploying ShadowPad Malware

The Redfly group infiltrated an Asian nation's national grid using ShadowPad malware, compromising systems and exfiltrating credentials over six months. The hackers used the ShadowPad malware that allowed data harvesting with lateral movement, credential extraction, and keyloggers to propagate the breach. Read more

3AM Ransomware Threat Actor Deploys Bitwise Spider in the Wild

A novel ransomware, "3AM," is being deployed in the wild. It debuts as a Rust-coded malware and disables system services, encrypts files, and erases Volume Shadow copies for data recovery. In an attack, it was deployed on three machines with Cobalt Strike for post-exploitation. Its entry point remains undisclosed. While its origins are unclear, 3AM was used as a fallback by a LockBit affiliate. Read more

Botnets Unveiled: Navigating the Underworld of Cyber Threats

In our increasingly digital world, safeguarding your data is paramount, and one of the most potent threats we face today is botnets. These intricate networks of compromised devices can wreak havoc on businesses and individuals alike. Read this comprehensive guide to delve deep into the world of botnets, demystifying their operations and exploring the risks they bring to organizations. Read more

New Phishing Campaign Targets Corporations Through Microsoft Teams Messages

Microsoft alerts about a new phishing campaign called Storm-0324, which exploits Microsoft Teams messages to breach corporate networks. This campaign uses various malware payloads like downloaders, trojans, and ransomware. It previously employed email chains with invoice-themed content but now uses Microsoft Teams and SharePoint to distribute malicious files. This method abuses an issue exposed by JUMPSEC and an open-source tool named TeamsPhisher, a similar technique employed by the Russian nation-state actor APT29. Read more

Promo
128TB Veeam, Rubrik, Commvault Immutable & Air-gapped Backup & DR Appliance $9,995

128TB Veeam, Rubrik, Commvault Fully automated Immutable and Air-gapped Backup & DR Appliance with object lockdown, file lockdown, incremental and full snapshots, replication, and instant multi-VM recovery for $9,995.

It is 2U, 8 Bay Rackmount unit fully populated with 8x16TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 1TB NVMe SSD for virtualization, Dual 10Gb RJ-45 Ports, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.

Slide 1

Weekly

Ransomware Roundup

Sep 4th - 8th, 2023

Phishing Attacks Introduce Fresh SideTwist Backdoor and Agent Tesla Variant

APT34, AKA Cobalt Gypsy, has launched a new phishing campaign using the SideTwist backdoor. The attack starts with a malicious Microsoft Word document containing a macro that executes a Base64-encoded payload. The payload is the SideTwist variant that communicates with a remote server for commands. Additionally, Fortinet FortiGuard Labs uncovered an Agent Tesla variant spread via a Microsoft Excel document exploiting the CVE-2017-11882 vulnerability. Read more

Critical Vulnerabilities Discovered in SEL’s Power Management Products

Schweitzer Engineering Laboratories faced a severe security challenge with nine vulnerabilities in their electric power management products. These issues, rated from 4.8 to 8.8 on the Common Vulnerability Scoring System has affected SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator devices. CVE-2023-31171 allows attackers to execute arbitrary code via phishing emails, escalating with CVE-2023-31175 to gain admin privileges. CVE-2023-34392 enables covert control through watering hole attacks. Read more

Smishing Triad Launches Large-Scale iMessage Smishing Campaign in U.S.

The Smishing Triad has initiated an iMessage smishing campaign in the United States, exposing over 108,044 records. The group uses compromised Apple iCloud accounts to send fraudulent package-tracking texts through iMessage to steal personal information and payment credentials. This group offers "fraud-as-a-service" kits via Telegram, impersonating delivery services worldwide. Breached iCloud accounts are employed to deliver fake package delivery failure messages, leading victims to input credit card information into counterfeit forms. Read more

Vietnamese Cybercriminals Launch Malvertising Attacks on Facebook Business Accounts

Vietnamese cyber actors are leveraging advertising on social media platforms, including Facebook, to distribute malware. The cybercriminals misuse URL shorteners, Telegram, and legitimate cloud services for hosting malicious payloads. The Vietnamese Ducktail group targets Meta Business users, deploying malware to steal session cookies, particularly from Facebook business accounts. This campaign has evolved to include other platforms like Twitter, TikTok, and Google Ads. Read more

Demystifying SQL Injection: How It Works and How to Defend Against It

In the evolving realm of cybersecurity, SQL injection attacks pose a significant threat. Cybercriminals employ these stealthy exploits to infiltrate databases, access sensitive data, and disrupt digital operations. Understanding SQL injection is imperative for safeguarding your data and systems. By understanding the modus operandi, detection techniques, and proactive prevention strategies, you can stay one step ahead of cybercriminals, fortify your defenses and secure your data. Read more

Microsoft Reveals How a Crash Dump Led to Outlook Security Breach

Microsoft revealed that a Chinese threat actor, Storm-0558, acquired an inactive consumer signing key in a complex security breach. During a system crash in April 2021, a crash dump contained the signing key. This dump ended up on a corporate network, where Storm-0558 accessed it through an engineer's account. The hacker used the consumer signing key to gain unauthorized access to Outlook Web Access and Outlook.com. Read more

Promo
Fully Immutable & Air-Gapped Hyperconverged, SAN, NAS, Object Storage Appliance $5,995

Fully Immutable and Air-gapped Hyperconverged, SAN, NAS and S3 Object Storage Appliance with Ransomware protection for $5,995.

It is 2U, 8 Bay Rackmount unit, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller.

Supports up to 200 iSCSI Hosts, Support for CIFS/SMB & NFS Volumes, NAS Segment AES256 Data Encryption, WORM Compliant Policy-Based NAS Storage.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.

Slide 1

Weekly

Ransomware Roundup

Aug 28th - Sep 1st, 2023

Rhysida Gang Claims Prospect Medical Ransomware Attack

Rhysida ransomware group orchestrated a massive cyberattack on Prospect Medical Holdings on August 3rd, compromising 500,000 social security numbers, vital corporate files, and patient records. PMH had to temporarily revert to paper records. While some systems are back online, the process of restoring patient records continues. Rhysida demanded 50 Bitcoins for the stolen 1.3 terabytes of data. PMH has yet to respond to inquiries. Read more

Hackers Leverage Brute Force Attacks on Cisco VPNs for Network Breaches

Hackers are targeting Cisco’s Adaptive Security Appliances by exploiting vulnerabilities using brute-force attacks, credential stuffing and taking advantage of the lack of multi-factor authentication enforcement. The attackers have been systematically targeting these devices since March. While properly configured MFA protocols have thwarted attacks, 11 customer breaches have still occurred between March and August. Read more

Critical Vulnerability in Citrix NetScaler Exploited by Ransomware Groups

Unpatched Citrix NetScaler systems fell victim to targeted ransomware attacks. Researchers attribute this to the STAC4663 cluster, which abused the CVE-2023-3519 vulnerability to achieve remote code execution without authentication. This campaign uses complex PowerShell scripts, PHP web shells, and an Estonian service, BlueVPS, for staging the malware. Researchers say that these actions are orchestrated by a familiar threat entity that specializes in ransomware-driven operations. Read more

Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents

Earth Estries hacking group has targeted various sectors, including hospitality and government. Earth Estries employs Cobalt Strike, deploys Zingdoor and TrillClient malware, and utilizes DLL side-loading and PowerShell downgrade attacks to evade detection. They leverage public services for data exchange and maintain a global network of C2 servers. The hackers compromise internal servers and valid accounts for lateral movement within the victim’s networks and maintain a discreet profile to evade detection. Read more

Defending Your Data: The Vital Role of Multi-Factor Authentication

The rise of increasingly sophisticated cyber threats poses a significant risk to sensitive data. Traditional password-based security measures are no longer enough to fend off these threats. Multi-Factor Authentication (MFA) is a vital solution for strengthening data protection that goes beyond passwords by incorporating multiple authentication factors like tokens and passwords. Don't leave your data vulnerable and strengthen your security with MFA. Read more

Android Trojan MMRat Exploits Accessibility Feature for Remote Financial Fraud

The banking trojan MMRat disguises as government apps or dating applications and infiltrates via phishing sites resembling official app stores. MMRat exploits Android accessibility service and the MediaProjection API to gain control, persists through reboots, and collects extensive user data. It can even record screens, steal lock screen patterns and gain remote access. After committing fraudulent transactions, it self-destructs and deletes its traces. Read more

Promo
100TB Immutable and Air-Gapped Scale out NAS Appliance for $8,995

100TB Enterprise SSO NAS appliance with Air-Gap and Immutable delta-based Snapshots for ransomware protection and Support for Unlimited NAS Clients, bunch of data services and built-in S3 cloud connect for $8,995.

Gen 10, 8-bay 2U Rackmount appliance with 7x14TB Enterprise SAS drive pack, 10 Core Storage Virtualization Engine, 32GB system memory, 12Gb SAS Hardware RAID Controller and 800W Platinum Certified hot swappable power supply.

All Enterprise data Services such as Snapshot, Tiering, Encryption, Sync & Async, Replication, Supports CIFS/SMB and NFS, Cloud Connect to Azure Hot / Cool Blob / AWS-S3, Erasure Coding are included.

1 Year Warranty and Support is included in this price.

For demos and details, contact us.

WordPress PopUp Plugin

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email