Mark Hughes, president of Security, DXC
Ransomware still top of mind
Ransomware is still a major concern for most companies. Here’s why, and what you can do about the insidious Royal ransomware.
Stay up to date on the latest threats, vulnerabilities and nation-state activities.
THREAT UPDATE
Royal ransomware — how it works and what to look for
Royal ransomware is good at evading detection. Here’s what you need to know.
By the numbers
26,448
software security flaws reported by CISA in 2022
80%
of businesses experienced a cloud security incident in 2022
~1 million
more people join the internet every day
33B
account breaches expected in 2023, with a hacker attack every 39 seconds
THREAT UPDATE
TrafficStealer monetizes network traffic
TrafficStealer malware uses open container APIs to generate revenue from high-traffic websites via fake clicks on ads.
THREAT UPDATE
Low-profile Linux backdoor now even stealthier
Chinese-affiliated BPFDoor malware bypasses firewall restrictions to remain undetected for extended periods.
THREAT UPDATE
Legion credential harvester updates capabilities
An emerging cloud-focused hack tool called “Legion” harvests credentials from misconfigured web servers and uses them to hijack emails.
By the numbers
~95%
of all digital breaches come from human error
90%
of data breaches result from phishing attacks
90%
of security breaches use servers as an attack surface
52%
of malware can use USB drives to bypass network security
THREAT UPDATE
Indonesian group targets AWS for crypto-mining
A threat actor called GUI-vil is targeting Amazon Web Services Elastic Compute Cloud (EC2) instances for crypto-mining operations.
THREAT UPDATE
RTM Locker now targets Linux ESXi hosts
RTM Locker ransomware now uses a Linux encryptor to target virtual machines on compromised VMware ESXi hosts.
Subscribe for the latest threat updates.
?qlt=90&ts=1665762600393&$landscape-x4_desktop$&dpr=off)
By the numbers
52%
of malware can use USB drives to bypass network security
59%
increase in critical vulnerabilities (CVEs) in 2022
61%
of organizations experienced 25%+ jump in cyber threats or alerts since the start of COVID-19
Other news
U.S. releases interagency ransomware guide
The U.S. CISA, FBI, NSA and MS-ISAC have jointly updated #StopRansomware Guide with best practices to detect, prevent, respond and recover from ransomware attacks.
macOS bug lets hackers bypass SIP root restrictions
Apple has addressed a vulnerability found by Microsoft researchers that lets attackers install “undeletable” malware and circumvent security checks to access a victim’s private data.
“Terminator” antivirus killer tool may be a BYOVD attack
A tool promoted by threat actor Spyboy on a Russian-speaking hacking forum claims to terminate any antivirus, XDR or EDR platform, but it may be just a bring-your-own-vulnerable-driver attack.
Hackers silently attacking Western Asia governments for years
GoldenJackal, a relatively unknown advanced persistent threat (APT) group, has been carrying out long-term espionage operations since 2019, notably in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan and Turkey.
New for-purchase Google internet domains may be risky
Researchers warn that eight new top-level Google domains now for sale for hosting websites or email addresses could be used for phishing attacks and malware delivery.
Lazarus drops espionage malware on ISS servers
The infamous North Korean Lazarus group is targeting vulnerable Microsoft Internet Information Services (IIS) servers with malicious DLLs that deploy espionage malware.
Critical vulnerabilities found in NETGEAR RAX30 routers
Linking five vulnerabilities in NETGEAR Nighthawk RAX30 routers allows attackers to manipulate connected smart devices and expose users to malware, remote attacks and surveillance.