Campaign TypoSquatting PyPI Packages with Malicious Packages Containing Crypto Wallet Replacing Malware

On February 10, 2023, Phylum security researchers reported a resurgence in a previously seen campaign typosquatting legitimate Python PyPI packages with malicious packages to deliver a malware with cryptocurrency wallet clipboard replacing capabilities. Context  In November 2022, Phylum reported a similar campaign “in which threat actors attempted to replace cryptocurrency addresses in developer clipboards with…

Read More

Phishing Campaigns Targeting German and U.S. Organizations with Multiple Malware

On February 8, 2023, Proofpoint researchers reported multiple phishing campaigns targeting organizations in multiple industries in the U.S. and Germany. Context Proofpoint attributes the activity to the likely financially-motivated TA866, which they assess is a new threat group. The campaign is currently active and has been since at least October 2022. Technical Details The emails…

Read More

How to Create a Culture of “Healthy Paranoia”

In an increasingly connected world, no one is immune to cyber security risks. You don’t have to be in the middle of an incident to know that cybercrime and data breaches are widespread across all industries — and capable of bringing even a major corporation to its knees. In fact, according to Flashpoint’s 2022 Year…

Read More

Prilex POS Malware Targeting Contactless Credit Card Transactions

Context Prilex has been active since at least 2014 and evolved from an automated teller machine (ATM) malware into a POS malware in 2016, primarily targeting Brazilian and South American retailers. In 2022, the malware evolved further, conducting fraudulent “GHOST transactions” using EMV cryptograms generated by payment cards during the payment process. In previous cases,…

Read More

Bridging the Digital Privacy Gap

The term “cybersecurity” can oftentimes be ambiguous and difficult to define, no different than that of a single or multi-family office. But much like an Investment Policy Statement, identifying and defining risk down to the individual level is paramount in achieving both near-term and strategic objectives. In this blog post, we seek to shed light…

Read More

New Mimic Ransomware Abuses Everything Paid to Speed Encryption

Context On January 26, 2023, Trend Micro researchers reported the technical details of a new ransomware they dubbed “Mimic” they observed in June of 2022 targeting English and Russian-speaking users. Technical Details According to Trend Micro researchers, the campaign delivers an executable that drops multiple binaries and an archive containing the payload. Reportedly, the key…

Read More

Cybersecurity Budgets Increase for Retail & Hospitality Industry

Vienna, VA (January 25, 2023) – Information security teams have always had to do more with less, but 2023 might be the year when they are able to do more with more. Riding a three-year trend, 70% of CISOs expect their budgets to increase again this year, while 60% also expect more FTEs, according to…

Read More

Alleged Chinese Threat Actors Developing Fortinet Zero-Day Exploit for New “BOLDMOVE” Malware Campaign Targeting European and African Organizations

Context On January 19, 2023, Mandiant security researchers published the technical details of malware campaign preparations they’ve reportedly observed since October 2022. Two key points should be noted regarding Mandiant’s assessment: Mandiant has not directly observed exploitation of the vulnerability, or deployment of BOLDMOVE in the wild. Mandiant researchers assess with low confidence that the…

Read More

Retail & Hospitality ISAC and National Retail Federation Partner to Enhance Cybersecurity in the Retail Industry

Vienna, VA (January 10, 2023) –The National Retail Federation (NRF) and the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced a new collaboration to strengthen their collective efforts to improve cybersecurity within the retail and related consumer-facing sectors. This partnership will bring together RH-ISAC’s expertise in cybersecurity and threat intelligence with the…

Read More

New Linux Cryptominining Malware Developed with Shc in the Wild

On January 4, 2023, Ahn Lab Security Response Center (ASEC) researchers reported the technical details of a new Linux malware written using Shc delivering a cryptocurrency miner. ASEC researchers assess that the campaign is primarily targeting unspecified systems in South Korea. According to ASEC researchers, the malware authenticates through a dictionary attack on Linux SSH…

Read More