There are many crypto mining malware variants infecting systems on the internet. On Friday, March 4, 2021, I noticed an interesting hit in my honeypot logs. The binary it captured stood out, as it was rather large at 4MB. I immediately thought it would be a crypto miner written in the Go language. I was correct. This one however, has some newer exploits it's using for proliferation.
The use of authentication factors, one of the most fundamental and well understood concepts in information security, enables secure access to applications, services, and networks. It can affect an enterprise's security posture, however, as the drastic increase in data breaches and system attacks are largely based on compromised authentication.
Today, Akamai announced Akamai MFA, a phish-proof multi-factor authentication (MFA) service for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service?
On March 2, 2021, the Microsoft Security Response Center alerted its customers to several?critical security?updates to Microsoft Exchange Server, addressing vulnerabilities currently?under attack.
It's been an interesting start to March in terms of public security incidents. This month kicked off with multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. And, as if that wasn't enough, that attack was quickly followed by the news that a hacktivist
Summary
A new Linux backdoor has been discovered by Intezer and has been named RedXOR. It's likely to have been developed by Chinese nation-state actors.
Threat Type
Malware, Backdoor, RAT, APT
Overview
Intezer discovered a new, sophisticated backdoor targeting Linux systems. It's likely to have been developed by Chinese nation-state actors based on the TTPs observed. Intezer has named the backdoor RedXOR due to it's encoding scheme based on XOR. RedXOR masquerades itself as polkit daemon. Intezer compares
Summary
SideWinder is an APT that targets South Asian government and military organizations with espionage campaigns, likely acting in Indian interests. DeepEnd Research reports on the most recent wave of activity from this threat group.
Threat Type
Malware, Phishing, Spyware, APT
Overview
DeepEnd Research published a blog post analyzing the most recent wave of SideWinder APT activity. This specific campaign appears to target government entities in Nepal. Their research began with the discovery of a server
Summary
On March 8, 2021, all GitHub authenticated sessions were invalidated due to a rare security vulnerability. Microsoft-owned GitHub released a security update on its blog with information about the vulnerability and their subsequent actions taken.
Threat Type
Vulnerability
Overview
An extremely rare but serious vulnerability was found by GitHub on March 8 affected a small number of GitHub sessions. This comes on the heels of a March 2 incident in which anomalous traffic was observed for an authenticat
Summary
Clast82 is a Android dropper spreading via the Google Play store and distributing the AlienBot banker and MRAT. Check Point reports on their analysis of this new dropper in a recent blog post.
Threat Type
Malware, Dropper, Banker, RAT
Overview
Check Point published a blog post analyzing a new dropper dubbed "Clast82." This dropper is bypassing the Google Play store defenses by ensuring that it does not drop any malicious payloads until after the Google Play Protect evaluation period is complete. Fir
Summary
A report from CyberArk looks at Kinsing and NSPPS which were thought to be two different families of malware. CyberArk's research concludes they are both from the same, single family.
Threat Type
Malware
Overview
The Kinsing and NSPPS malwares were thought to be from two different families of malware. A report from CyberArk concludes they are both variants of the same family of malware. CyberArk believes the first version of the malware was compiled prior to November 2019, was used as a RAT and was
In March 2020, Akamai saw a dramatic 30% rise in internet traffic -- equivalent to an entire year of growth. Post-pandemic, we believe there will be a return to normal internet traffic growth, but many things will never be the same.