News – September 2023

September 14, 2023

The consequences of last year’s LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the “unauthorized party” that compromised LastPass users’ data was able to steal password vaults, it’s likely that they are having a hard time cracking them open. LastPass’s own ...

September 13, 2023

In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. That said, he percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching highest quarterly figure since 2022 – 26.8%. Read more… Source: Kaspersky  

September 13, 2023

A new ransomware family calling itself 3AM has emerged. To date, the ransomware has only been used in a limited fashion. Symantec’s Threat Hunter Team, part of Broadcom, has seen it used in a single attack by a ransomware affiliate that attempted to deploy LockBit on a target’s network and then switched to 3AM when ...

September 13, 2023

Trend Micro researchers have been observing malware families RedLine and Vidar since the middle of 2022, when both were used by threat actors to target victims via spear-phishing scams. Earlier this year, RedLine targeted the hospitality industry with its info stealer malware. Their latest investigations show that the threat actors behind RedLine and Vidar now ...

September 13, 2023

Just hours after Apple wrapped up its annual product launch for the hotly anticipated iPhone 15, the Chinese government denied reports that it had banned officials from using the smartphones — and then noted recent “security incidents” involving the devices. “China has not issued any legislation, regulations or policy documents prohibiting the purchase and use of ...

September 13, 2023

The Ministry of Technology said an investigation was called into the cyberattack that transpired on the 26th of August 2023. The statement added that the cyberattack, which targeted email systems under the ‘gov.lk’ domain, resulted in substantial data loss and a disruption of communications within various state offices. It stated that the ICTA disclosed that this ...

September 12, 2023

In July 2023, Zscaler ThreatLabz discovered new malicious activity perpetuated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of conducting targeted espionage operations in South Asia. Zscaler ThreatLabz observed APT36 targeting Indian government sectors using a previously undocumented Windows RAT, new cyber espionage utilities for ...

September 12, 2023

One of the most exciting aspects of malware analysis is coming across a family that is new or rare to the reversing community. Determining the function of the malware, who created it, and the reasons behind it become a mystery to solve. The previously unseen dropper variant FortiGuard Labs researchers recently found, named MidgeDropper, has ...

September 12, 2023

CISA released three Industrial Control Systems (ICS) advisories on September 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-255-01 Hitachi Energy Lumada APM Edge ICSA-23-255-02 Fujitsu Software Infrastructure Manager Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

September 12, 2023

Espionage actors are continuing to mount attacks on critical national infrastructure (CNI) targets, a trend that has become a source of concern for governments and CNI organizations worldwide. Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian ...