Month: May 2023

  • Vulnerability Summary for the Week of May 22, 2023

    The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD… Read more

  • CISA Warns of Hurricane/Typhoon-Related Scams

    CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as… Read more

  • Vice Society: One of the Most Impactful Ransomware Gangs of 2022

    Vice Society (also known as Vice Spider, DEV-0832, and Vanilla Tempest) is identified as a Russian-based group specializing in intrusion, exfiltration, and extortion. Operating since the summer of 2021, Vice Society sets itself apart from other ransomware groups by deviating from the typical ransomware-as-a-service (RaaS) model. Instead of developing their own custom ransomware payload, they… Read more

  • CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land”

    Today, CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor. This advisory highlights how PRC cyber actors use techniques called “living off the land” to evade… Read more

  • People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

    Summary: The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure… Read more

  • Vulnerability Summary for the Week of May 15, 2023

    The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for… Read more

  • CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

    Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and… Read more

  • BlackByte Ransomware Returns: Introducing the New Technology (NT) Variant

    Emerging around July 2021, BlackByte is a fully featured Ransomware-as-a-Service (RaaS) group that infiltrates organizations and demands hefty ransoms. They employ a strategy known as double extortion, stealing files from the targeted organization and publicly leaking them if the ransom goes unpaid. BlackByte is known for continuously updating and distributing homonymous malware in various versions.… Read more

  • Lemon Group’s Cybercrime Enterprise Leverages Millions of Pre-Infected Android Phones

    The Lemon Group, a large cybercrime enterprise, has installed “Guerilla” malware on approximately 9 million Android-based devices, including smartphones, watches, TVs, and TV boxes. Techniques such as reflashing and silent installation have become prevalent in the past decade. Reflashing involves reprogramming or replacing the firmware of a device, allowing for modifications, firmware updates, or the… Read more

  • UNC3944 Exploits Azure Serial Console for Complete VM Takeover

    A threat group known as UNC3944 (also known as Roasted 0ktapus and Scattered Spider) has been observed hijacking Microsoft Azure admin accounts through phishing and SIM-swapping attacks. The financially motivated group bypasses traditional detection methods within Azure and gains full administrative access to compromised virtual machines (VMs) within victim organizations using Microsoft’s cloud computing service.… Read more