Blog

On October 6, 2022, CISA released a joint advisory advising telecommunications, defense, and critical infrastructure organizations to patch and mitigate the most prevalent Common Vulnerabilities and Exposures (CVEs) leveraged by suspected Chinese state-sponsored cyber threat actors since 2020. Context According to the report, “PRC state-sponsored cyber actors continue to target government and critical infrastructure networks…

Context On October 4, 2022, DCSO CyTec security researchers reported the technical details of a new backdoor malware targeting Microsoft SQL servers they dubbed “Maggie.” According to researchers, the Maggie backdoor can bruteforce logins to other MSSQL servers and add a new hardcoded backdoor user after bruteforcing administrator logins. Researchers did not investigate if and…

The annual RH-ISAC Cyber Intelligence Summit was held in Plano, Texas on September 20-21, 2022. Summit is the premier event for cybersecurity practitioners in the retail, hospitality, and travel industries. This year’s event had nearly 400 attendees for two days full of presentations and networking. The post-conference report is now available to download. It includes details about…

Since 2004, October has been recognized as Cybersecurity Awareness Month by organizations like the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which are dedicated to helping individuals better protect themselves against online threats. This year CISA and NCA are focusing on the human element of security, with the 2022 Cybersecurity…

Context On September 29, 2022, security researchers at GTSC reported the technical details of two zero-day vulnerabilities they had observed being exploited by threat actors since August 2022. Microsoft confirmed the vulnerabilities and provided details of both: CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the…

A recent campaign drops Cobalt Strike Beacons, the RedLine Infostealer, and the Amadey Botnet with malicious scripts using two distinct methods. Context On September 28, 2022, Talos security researchers reported a campaign delivering Cobalt Strike beacons, the RedLine Infostealer, and Amadey botnet executables active since at least August 2022. Cobalt Strike is by far the…

A new dropper named “NullMixer” is spreading multiple malware families, including some seen regularly by the RH-ISAC community. Context On September 26, 2022, researchers at SecureList reported a new dropper they named “NullMixer” which spreads multiple malware families via malicious websites impersonating legitimate software downloads. According to SecureList, in addition to multiple malware families, NullMixer…

According to the 2022 Imperva Bad Bot Report, 27.7% of online traffic came from bad bots. For retail websites, it’s 23.6%. Bots routinely target retail sites with scalping and denial of inventory attacks, as well as fraud, gift card fraud, and account takeovers. The problem that many organizations are facing today is how to distinguish…

On September 21, 2022, the LockBit 3.0 ransomware builder named “Black” was leaked online by a developer working for the LockBit threat group. On September 22, 2022, security researchers Yang HuiSeong and Jeong Hyunsik released a technical analysis of the code. The leaked code is currently available on GitHub. Threat Actor Details LockBit is a…

The RH-ISAC awards are an annual opportunity to honor the individuals and member companies who have gone above and beyond in their commitment to the RH-ISAC community. The recipients of these awards have displayed extraordinary dedication to the culture of sharing and have gone out of their way to assist RH-ISAC in fulfilling our mission…