In our increasingly digital world, the threat landscape is rapidly changing and expanding, leaving organizations to wonder how they can keep up with evolving threats. This is especially true as cyber criminals swiftly take advantage of new threat vectors and use global events as lures. As always, a robust cyber security fabric that enables you to virtually patch vulnerable systems using IPS signatures, along with endpoint detection measures, provides malware protection across the organization. Appropriate network segmentation to prevent threat propagation is also key to securing your organization. Check out our latest white papers on how to secure your organization without compromising performance.

Wind.River.VxWorks.AO-Option.Urgent.Pointer.Integer.Underflow – CVE-2019-12260 indicates an attack attempt against an integer underflow vulnerability in Wind River VxWorks systems. The vulnerability is due to the application failing to perform adequate boundary checks on user-supplied data. A remote attacker may be able to exploit this to execute arbitrary code on the system via a crafted request. The affected products are VxWorks 7 and VxWorks 6.9.3, and the impact can lead to remote attackers gaining control over the vulnerable systems. Apply the most recent upgrade or patch from the vendor.

RansomEXX Trojan targets Linux Systems – Recently, security researchers discovered an ELF Trojan that targets Linux-based operating systems. Similarities in the code regarding the encryption of the data and the extortion procedures led the researchers to link it to the RansomEXX family, malware that is known for attacking large enterprises. The Trojan is highly targeted: it contains hard-coded names and email addresses of its targets in the code itself.
AV Signatures: Linux/Ransomexx.A!tr, W32/Encoder.JDQ!tr.ransom
Indicator(s): f8bc1638ec3b04412f708233e8586e1d91f18f6715d68cba1a491d4a7f457da0, CB408D45762A628872FA782109E8FCFC3A5BF456074B007DE21E9331BB3C5849
Web Filtering:

WatchBogMiner Mining Trojan Compromised Thousands of Servers – The hardware wallet Ledger revealed earlier this year that they experienced a data breach affecting a subset of their 9,500 customers. The exfiltrated data included first and last names, postal addresses, phone numbers, and order details. Recently, security researchers discovered a massive phishing campaign claiming to be from Ledger with warnings regarding the breach. The lure messages inform Ledger users that the company is experiencing a breach and their cryptocurrency assets are at risk. In the phishing emails, threat actors suggest they download the latest version of Ledger Live and set up a new PIN for their account using the provided malicious link. The malicious links use Punycode characters that look incredibly similar to the real domain, resulting in many victims taking the bait. Anyone who clicks on the link is redirected to a fake download site for Ledger Live. The fake, backdoored Ledger Live application can then trick users into revealing their real credentials during the staged recovery phase.

Indicator(s): xn--ledgr-9za[.]com/ledger-live/download/, t-mobile-sq[.]com, homeandfamilyuniverse[.]com, kryptosproject[.]or, ledger-live[.]io, quikview-update[.]com, quikview[.]app, lmao[.]money, dogcat[.]space, xn--ledgr-9za[.]com

Validate your network’s security accuracy, application usage and performance with our Cyber Threat Assessment.
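The Punycode look-alike domains in the Ledger campaign are the detail a defender can screen for. As an added example that is not part of this advisory, the following Python decodes xn-- labels, folds accents and a small set of look-alike letters to an ASCII skeleton, and flags domains that impersonate a brand; the brand name, the allowlist of legitimate domains and the confusables subset are assumptions for illustration, and the sample indicator list is constructed in the defanged form used above.

```python
import unicodedata

# Assumption: illustrative subset of Cyrillic look-alikes that NFKD does not
# fold to Latin; a production tool would use the full Unicode confusables table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0455": "s", "\u0445": "x", "\u0456": "i"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'xn--ledgr-9za[.]com' back into a hostname."""
    return indicator.strip().lower().replace("[.]", ".")

def decode_label(label: str) -> str:
    """Decode an A-label (xn--...) to its Unicode form; plain labels pass through."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep as-is, still compared below
    return label

def skeleton(label: str) -> str:
    """Fold accents (NFKD + drop combining marks) and mapped look-alikes to ASCII."""
    folded = unicodedata.normalize("NFKD", label)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in folded)

def classify(indicator: str, brand: str = "ledger",
             legit: frozenset = frozenset({"ledger.com"})) -> str:
    """Return legitimate | homoglyph | brand-on-other-tld | brand-in-name | unrelated."""
    host = refang(indicator).split("/")[0]   # drop any URL path
    if host in legit:
        return "legitimate"
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    # Assumption: registrable label is second from the right (no public suffix list).
    sld = decode_label(labels[-2])
    if sld == brand:
        return "brand-on-other-tld"
    if skeleton(sld) == brand:
        return "homoglyph"          # e.g. ledg\u0117r.com folds to ledger
    if brand in skeleton(sld):
        return "brand-in-name"      # e.g. ledger-live.io
    return "unrelated"

# Constructed sample in the defanged form used in the advisory text.
SAMPLE_INDICATORS = ["xn--ledgr-9za[.]com/ledger-live/download/", "ledger-live[.]io",
                     "t-mobile-sq[.]com", "ledger.com", "quikview[.]app"]

if __name__ == "__main__":
    for ioc in SAMPLE_INDICATORS:
        print(f"{ioc:45} -> {classify(ioc)}")
```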