On February 8, 2023, Proofpoint researchers reported multiple phishing campaigns targeting organizations in multiple industries in the U.S. and Germany. Context Proofpoint attributes the activity to the likely financially-motivated TA866, which they assess is a new threat group. The campaign is currently active and has been since at least October 2022. Technical Details The emails…
Read More
In an increasingly connected world, no one is immune to cyber security risks. You don’t have to be in the middle of an incident to know that cybercrime and data breaches are widespread across all industries — and capable of bringing even a major corporation to its knees. In fact, according to Flashpoint’s 2022 Year…
Read More
Context Prilex has been active since at least 2014 and evolved from an automated teller machine (ATM) malware into a POS malware in 2016, primarily targeting Brazilian and South American retailers. In 2022, the malware evolved further, conducting fraudulent “GHOST transactions” using EMV cryptograms generated by payment cards during the payment process. In previous cases,…
Read More
The term “cybersecurity” can oftentimes be ambiguous and difficult to define, no different than that of a single or multi-family office. But much like an Investment Policy Statement, identifying and defining risk down to the individual level is paramount in achieving both near-term and strategic objectives. In this blog post, we seek to shed light…
Read More
Context On January 26, 2023, Trend Micro researchers reported the technical details of a new ransomware they dubbed “Mimic” they observed in June of 2022 targeting English and Russian-speaking users. Technical Details According to Trend Micro researchers, the campaign delivers an executable that drops multiple binaries and an archive containing the payload. Reportedly, the key…
Read More
Despite all the marketing hype related to ZTA, at the end of the day, it may not make sense for all organizations, particularly those in less risky environments to implement or pursue all components. That said, all organizations can learn from the tenets and leverage them to improve their security posture. In the preceding series,…
Read More
Context On January 19, 2023, Mandiant security researchers published the technical details of malware campaign preparations they’ve reportedly observed since October 2022. Two key points should be noted regarding Mandiant’s assessment: Mandiant has not directly observed exploitation of the vulnerability, or deployment of BOLDMOVE in the wild. Mandiant researchers assess with low confidence that the…
Read More
Based on the pillars discussed in the earlier series posts, nothing changes when approaching data security – we start with knowing what is – at a minimum, organizations need to identify and categorize sensitive, regulated, operationally critical data, etc. Data Labeling and the Categorization of Critical Data Types This process will involve mapping all the…
Read More
The Basics There are some straightforward, yet specific, tool-related recommendations organizations can implement at near zero additional cost to maximize investments already made in their environment. Initially, when folks think about network security for organizations, network appliances like firewalls (FW) come up in conversation. Less commonly discussed is how permissive the FW rules are. Too…
Read More
On January 4, 2023, Ahn Lab Security Response Center (ASEC) researchers reported the technical details of a new Linux malware written using Shc delivering a cryptocurrency miner. ASEC researchers assess that the campaign is primarily targeting unspecified systems in South Korea. According to ASEC researchers, the malware authenticates through a dictionary attack on Linux SSH…
Read More
