Insights

Infostealers – Predecessor to Ransomware Attacks

Infostealers do what their name says: they steal private information from your devices. They are often a precursor to a ransomware attack. This Insight looks at what they do and how to be safer.

Infostealers and ransomware


Kaspersky Rolls Back for US Customers, Makes Way for UltraAV

Kaspersky antimalware was banned by the US government for security reasons. Kaspersky told users it would remove its software and offered software from UltraAV as a replacement. But it failed to notify users that UltraAV would be installed automatically. Now users are having to figure out how to uninstall UltraAV. If you used Kaspersky, watch for the installation of UltraAV and remove it as soon as possible.

Kaspersky causes more issues


GenAI Writes Malicious Code to Spread AsyncRAT

We have written before about how AI is being used to create more problems. This is an example of how it was used to write code to disseminate a remote access trojan (RAT), which allows hackers into your systems. Be very careful about the packages you use.

GenAI used to spread malware


Third Ivanti Bug Comes Under Active Exploit, CISA Warns

Ivanti has had a challenging few months, with multiple bugs discovered and exploited by cybercriminals. Be sure to install patches as soon as possible.

Another Ivanti bug


Hurricane Helene Prompts CISA Fraud Warning

Helene is causing widespread damage and danger. Cybercriminals look to take advantage of anything that benefits them. CISA, the national cybersecurity agency, is warning of scams that are occurring, and will continue to occur, posing as offers of help for victims of Helene. Be very careful! Only donate to known charities.

Scammers capitalize on disasters


AI Text Detectors – Do They Work?

AI is invading every area of life, business and personal. But telling whether something was written by a real person or an AI system is not easy. This Insight looks at the challenges.

Is it AI or not?


This CAPTCHA Test Can Trick Windows Users Into Installing Malware

We are all familiar with CAPTCHA, the small test that attempts to separate bots from real people. Attackers have created their own version that looks real but gets people to install infostealers, a very dangerous form of malware.

Fake Captcha installs malware


New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

CentOS is a Linux-based operating system that is now aligned with Red Hat. This attack focuses on VPN servers running CentOS and installs a rootkit.

CentOS attacked


Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

In a coordinated, multi-stage attack, the attacker leverages flaws and compromised information obtained from other cybercriminals to install a legitimate package from a legitimate vendor, which creates a backdoor intended for remote monitoring and management. Other real tools are then used to spread the malware throughout the organization. Healthcare organizations are the prime targets now.

Ransomware targets healthcare


'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut

“Marko Polo” is a major cybercrime player that uses multiple types of malware and campaigns in its attacks. It has been very successful at targeting people and businesses in multiple ways.

Cyber crime big business


Cyber Insurance – Necessary But Harder To Get

Cyber insurance is becoming more necessary due to the rising cost of a breach. But it is also getting more difficult and expensive to obtain. This Insight looks at the reasons why and what a company can do to help lower its cyber insurance costs.

Cyber insurance help


Microsoft Discloses 4 Zero-Days in September Update

The recently released patches from Microsoft address almost 80 vulnerabilities. Four are zero-days that are quite serious. Two allow attackers to bypass Windows security. Another permits attackers to elevate their privileges to system level, and the last zero-day undoes recent updates that patched other vulnerabilities. Be sure to patch the first two as soon as possible and the other zero-days soon after. Then prioritize the remaining patches based on the affected systems and your use of that software.

Install Microsoft patches now!


WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress is a widely used platform for creating and deploying web content. Its broad adoption makes it a popular target for hackers. To counter that, WordPress is now requiring two-factor authentication to help keep information safer.

WordPress requiring 2FA


Hackers Proxyjack & Cryptomine Selenium Grid Servers

Selenium Grid is an open-source platform for running parallel tests of web applications across multiple platforms and browsers. It is said to be used in 30% of cloud environments, meaning a compromise of it will affect many companies. It is meant to be an internal testing tool, but over 30,000 servers are publicly reachable, making them vulnerable.

Selenium Grid used to deploy malware


'Hadooken' Malware Targets Oracle's WebLogic Servers

Oracle’s WebLogic servers are a widely used platform for developing and deploying applications. Now they are being used by attackers to deploy malware on their users.

Oracle WebLogic compromised