cyber threat

Tech Optimizer
October 22, 2024
Kaseya's 2024 Cybersecurity Survey Report highlights that 89% of IT professionals view human behavior as the primary threat to cybersecurity. Phishing scams impact 58% of businesses surveyed, while ransomware payouts have declined to 11% due to increased investments in backup and recovery technologies. Over 80% of respondents expect their IT security budgets to remain stable or grow, with planned investments in cloud security, automated penetration testing, and security awareness training. The survey indicates a rise in cyber insurance adoption, increasing from 27% to 61% in 2024. The sample primarily includes companies from North America, with a focus on those with annual revenues between USD million and USD million and employing 101 to 500 individuals.
Winsage
September 24, 2024
Windows 10 and Windows 11 users are facing a new cyber threat involving fraudulent CAPTCHA verification pop-ups that distribute malware. Security experts at McAfee have identified that cybercriminals are using counterfeit CAPTCHA interfaces to trick users into executing malicious PowerShell scripts. Clicking the "I'm not a robot" option in one of these fake pop-ups copies a malicious script to the user's clipboard, which the user is then misled into pasting and executing. The lure is delivered both through fake websites and through emails. McAfee notes that these attacks use multi-layered encryption, which complicates detection. Users are advised to avoid unofficial websites, verify URLs in emails, limit clipboard-based scripts, and keep antivirus software updated to protect against this threat.
Tech Optimizer
September 20, 2024
Infosys is expanding its strategic partnership with Posti, the leading delivery and logistics provider in Finland, Sweden, and the Baltics, to improve customer experience and operational efficiency. Infosys is adopting an AI-driven strategy using Infosys Topaz to enhance Posti's operational efficiencies and service quality. The integration of Infosys Cobalt will implement the Live Enterprise Application Management Platform (LEAP) to support Posti's cloud journey and boost business productivity. Over the past five years, Infosys has strengthened Posti's IT infrastructure, reducing system interruptions and enhancing cyber threat detection and mitigation.
Tech Optimizer
August 25, 2024
- PostgreSQL databases on Linux systems are being targeted by cryptojacking attacks due to inadequate security.
- Cisco Talos has found vulnerabilities in Microsoft applications for macOS that could allow unauthorized access to microphones and cameras.
- Google has fixed a zero-day vulnerability in Chrome, CVE-2024-7971, which was being actively exploited.
- OpenCTI, an open-source cyber threat intelligence platform, has been launched to help organizations manage cyber threat data.
- A compilation of cybersecurity job openings indicates a growing demand for professionals in the field.
- A critical vulnerability in GitHub Enterprise Server, CVE-2024-6800, has been patched to prevent unauthorized access.
- SolarWinds has released a patch for a critical flaw in its Web Help Desk solution following a previous fix for a code-injection vulnerability.
- Hiya reported nearly 20 billion calls flagged as spam in the first half of 2024, with a rise in AI-driven scams.
- Microsoft will implement mandatory multi-factor authentication for all Azure sign-ins.
- North Korean hackers exploited a zero-day vulnerability in a Windows driver, CVE-2024-38193, to deploy a rootkit.
- NGate malware has been identified, which uses NFC technology to steal funds from victims' payment cards on Android devices.
- Many organizations face security vulnerabilities in APIs, particularly with exposed secrets.
- Microchip Technology Incorporated experienced operational disruptions due to a cyberattack.
- Experts are questioning the future of national data privacy legislation in the U.S. amid discussions on federal privacy laws.
- Research indicates that fraudsters can exploit digital wallet apps to use stolen payment cards even after they are reported compromised.
- x64dbg is gaining popularity among security professionals for malware analysis and reverse engineering.
- Current vulnerability management approaches focus on risk prioritization as a starting point for security strategy.
- Building a positive cybersecurity culture within organizations is essential for risk reduction and resilience.
- Higher education institutions are exploring ways to enhance cybersecurity measures despite resource constraints.
- A new phishing campaign targeting Android and iPhone users has been uncovered by ESET researchers.
- Organizations are recognizing the importance of managing enterprise data to improve cybersecurity, despite challenges from siloed systems.
- The federal government is focusing on food security as a critical infrastructure issue.
- Organizations are adopting biometric solutions to counter the risks posed by deepfake technology.
- New information security products have been released by companies including Entrust, Fortanix, McAfee, Own, RightCrowd, and Wallarm.
Winsage
August 14, 2024
Microsoft has released Patch Tuesday security updates addressing 90 vulnerabilities in the Windows ecosystem, including five critical zero-day vulnerabilities under active cyber attack. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included these vulnerabilities in the Known Exploited Vulnerabilities Catalog, requiring compliance by September 3. The five critical vulnerabilities are:
1. CVE-2024-38178: A memory corruption issue in the Windows scripting engine, allowing remote code execution, affecting Windows 10, Windows 11, and Windows Server 2012 and later, with a severity rating of 7.6.
2. CVE-2024-38213: A bypass of the Windows 'Mark of the Web' security feature, potentially allowing circumvention of SmartScreen protection, affecting Windows 10, Windows 11, and Windows Server 2012 and later.
3. CVE-2024-38193: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows 10, Windows 11, and Windows Server 2008 and later, which could lead to SYSTEM privileges.
4. CVE-2024-38106: A Windows kernel elevation of privilege vulnerability affecting Windows 10, Windows 11, and Windows Server 2016 and later, arising from inadequate protection of sensitive data in memory.
5. CVE-2024-38107: A use-after-free elevation of privilege vulnerability in the Windows power dependency coordinator, affecting Windows 10, Windows 11, and Windows Server 2012 and later, which could lead to arbitrary code execution or system control.
Winsage
August 14, 2024
Microsoft's August 2024 Patch Tuesday update addresses 90 vulnerabilities, including six zero-days actively exploited and four publicly known vulnerabilities. The zero-day vulnerabilities include:
- CVE-2024-38178: A Scripting Engine Memory Corruption Vulnerability in Microsoft Edge's Internet Explorer Mode, allowing remote code execution if an authenticated user clicks a malicious URL.
- CVE-2024-38106: A Windows Kernel bug that could enable SYSTEM privileges through a race condition.
- CVE-2024-38107: A privilege escalation vulnerability in the Windows Power Dependency Coordinator requiring local access or user deception.
- CVE-2024-38193: A local privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, potentially allowing malware execution with SYSTEM privileges.
- CVE-2024-38213: A vulnerability allowing attackers to bypass Windows SmartScreen by persuading users to open malicious files.
- CVE-2024-38189: A vulnerability in Microsoft Project that can lead to remote code execution by tricking users into opening a specially crafted Project file.
The publicly known vulnerabilities include:
- CVE-2024-38200: A spoofing vulnerability in Microsoft Office that may allow NTLM hash capture.
- CVE-2024-21302 and CVE-2024-38202: Elevation of privilege flaws in Windows Secure Kernel Mode and Windows Update Stack, respectively, facilitating downgrade attacks.
- CVE-2024-38199: A use-after-free flaw in the Windows Line Printer Daemon Service that can lead to remote code execution.
Additionally, two server-side request forgery (SSRF) vulnerabilities were identified: CVE-2024-38206 in Microsoft's Copilot Studio and CVE-2024-38109 affecting Azure Health Bot, both requiring no action from customers for resolution.
AppWizard
August 5, 2024
A new cyber threat campaign called "Panamorfi," orchestrated by the actor yawixooo, targets misconfigured publicly accessible Jupyter notebooks. The attackers use a Minecraft server DDoS tool distributed via Discord to overwhelm servers. The attack begins with yawixooo accessing exposed Jupyter notebooks and executing a command to download a zip file containing two Jar files: conn.jar and mineping.jar. The conn.jar file is crucial for executing the attack, utilizing Discord to manage the DDoS operation and loading mineping.jar, which is designed for TCP flood attacks. Researchers disrupted the attack by preventing the execution of conn.jar and recommend securing Jupyter notebooks, blocking specific file executions, limiting code execution capabilities, and applying security updates. Security professionals warn against sharing sensitive information in Jupyter notebooks.