Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that “this number is expected to rise in the coming months.” […]
Fake system update drops Aurora stealer via Invalid Printer loader
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering. A threat actor is using […]
Ransomware attack on MSI led to compromised Intel Boot Guard private keys
On April 7, 2023 MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than […]
U.S. Authorities Seize 13 Domains Offering Criminal DDoS-for-Hire Services
U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors. The takedown is part of an ongoing international initiative dubbed Operation PowerOFF that’s aimed at dismantling criminal DDoS-for-hire infrastructures worldwide. The development comes almost five months after a “sweep” in December 2022 dismantled 48 similar services
Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps
A gambling company in the Philippines was the target of a China-aligned threat actor as part of a campaign that has been ongoing since October 2021. Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin. “These attacks use a specific tactic: targeting the victim companies’ […]
From DevOps to DevSecOps: Strengthen Product Security with Collaborative Tools
In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let’s dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villains. Application security and product security Regrettably, application security teams often intervene
Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique
The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. “In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload,” […]
Scans required for PCI DSS compliance
This is the fifth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for […]
Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant’s threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. “This activity shows Mint
New Ransomware Strain ‘CACTUS’ Exploits VPN Flaws to Infiltrate Networks
Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. “Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition to reachable endpoints before creating new user accounts and […]