In July, the CyberSift team introduced updates and enhancements to our cybersecurity solutions, further bolstering our offerings and fostering innovation to keep our customers protected in an increasingly complex threat landscape.
SIEM Updates:
VMware vSphere: improved EventEx log handling and parsing.
Introduced XenMobile syslog event support.
New UI feature: Data Extract. This bypasses the Elastic/OpenSearch “Export To CSV” limitation of 10,000 rows. See the screencast below:
Exciting News!
MOBILE END-POINT PROTECTION IS HERE!
Protect your most valuable asset with a scalable, unified platform designed to protect both managed and unmanaged iOS, Android, and ChromeOS devices.
Organizations often lack visibility into how mobile devices manage data, making it difficult to assess the additional risks they face. With the growing daily use of mobile devices by employees, attacks targeting mobile users and the data they can access have significantly increased.
July 2024, top Cybersecurity news from around the globe:
Cyber Extortion Soars: Small Businesses Face Fourfold Risk of Attack
Orange Cyberdefense’s latest report reveals a 77% increase in cyber extortion victims year-over-year, with small businesses being four times more likely to be targeted than larger ones. In Q1 2024, 1,046 organizations faced double extortion attacks, where stolen data is posted on dark web sites to coerce ransom payments. Attacks are rising in growing economies and shared-language countries, notably in the US, UK, Canada, and Europe, with healthcare organizations being especially vulnerable. To defend against these threats, we advise robust backup plans, updated software, and strong multi-factor authentication. Source: MSN News
Cyberattack Shuts Down All Motor Vehicle Branches of Jefferson County Clerk’s Office
A cyber attack forced the Jefferson County Clerk’s Office to close its eight branches in July. Source: MSN News
Criminals Swiftly Exploit CrowdStrike Disruption
Hours after a faulty CrowdStrike file caused a global Windows outage, scammers began exploiting the situation. Reports indicate that phishing emails, masquerading as communications from "CrowdStrike Support" or "CrowdStrike Security," are circulating. Johannes Ullrich of SANS Technology Institute warned against trusting unsolicited "patches" offered through these emails. Source: MSN News
Prudential Financial Data Breach Affects 2.5 Million Individuals
In February 2024, Prudential Financial reported a ransomware attack that affected around 2.5 million people, though it was initially thought to impact only 36,000. The update, following the breach's detection a day after it began, also included revised details on the stolen data. Source: Malwarebytes Labs
Unseen Danger: QR Code-Embedded PDFs Pose a Hidden Threat
SonicWall Capture Labs reports that malware authors are exploiting PDF files with embedded QR codes to deceive users. These malicious PDFs, often disguised as security updates or document links, redirect users to phishing sites that mimic Microsoft login pages to steal credentials. Scanning these QR codes can lead to serious consequences, including unauthorized app downloads, premium SMS charges, and credential theft. Source: SonicWall
Fake Microsoft Teams for Mac
Competition among macOS stealers is heating up, with a recent malvertising campaign using a fake Microsoft Teams ad to deceive Mac users. This follows the rise of Poseidon (OSX.RodStealer), which employs similar methods. The Atomic Stealer is now exploiting Microsoft Teams as a keyword, a tactic previously seen with tools like Zoom and Slack. The campaign, which ran for several days with advanced evasion techniques, initially redirected to Microsoft’s site but was ultimately linked to a fraudulent Hong Kong-based advertiser. The issue has been reported to Google. Source: Malwarebytes Labs
Telegram Zero-Day Vulnerability Allowed Hackers to Spread Malware Hidden in Videos
ESET cybersecurity researchers have identified a zero-day vulnerability in the Telegram app for Android, which was used to deliver malicious files disguised as videos through chats. Named “EvilVideo,” this exploit enabled hackers to transmit Android payloads via Telegram channels, groups, and chats, making them appear as multimedia files. The vulnerability affected only Telegram versions 10.14.4 and earlier for Android devices. Source: TechWorm News
Millions of iOS Apps at Risk Due to Serious Security Flaw
EVA Information Security revealed that CocoaPods, a crucial tool for iOS and macOS development, had three vulnerabilities that exposed millions of apps to supply chain attacks. These flaws allowed for manipulation of email verification, takeover of abandoned pods, and code execution on the trunk server. Affecting around 3 million apps using 100,000 libraries, the vulnerabilities were patched in October 2023 with no known exploitation at that time. Source: MSN News
New CapraRAT Spyware Targeting Android Users
Recently, SentinelOne has identified four new CapraRAT Android Package Kits that are building on the attack group’s trend of continuing to embed spyware in video browsing applications. The four new CapraRAT Android Package Kits (Crazy Game, Sexy Videos, TikToks and Weapons) embed spyware that targets mobile gamers, weapons enthusiasts and TikTok fans, aiming to collect sensitive data and monitor user activities. Source: SiliconAngle
Apple Alerts iPhone Users in 98 Countries About Spyware Threat
In April 2024, Apple issued warnings about mercenary spyware attacks to users in 92 countries. Now, Apple has expanded its alerts to 98 countries, informing users of potential spyware threats targeting their iPhones. The warning message advises that Apple has detected attempts to remotely compromise the device linked to their Apple ID, suggesting that the user is likely targeted due to their role or identity. While the message acknowledges a margin of error, it urges users to take the warning seriously. Source: Malwarebytes Labs
Apple IDs Targeted in U.S. Smishing Campaign
Phishing attacks targeting Apple IDs are on the rise due to their widespread use and value. These credentials offer control over devices and access to personal and financial information, making them highly sought after by cybercriminals. Apple's strong brand makes users more susceptible to fake communications, which are increasingly delivered via malicious SMS, as seen in recent attacks in the United States. Source: Broadcom
North Korean Hackers Target Apple Mac Devices with New Malware
North Korean hackers are now targeting Apple users with fake job interviews to spread infostealing malware. Patrick Wardle has identified a new BeaverTail variant that steals sensitive data from web browsers, cryptocurrencies, iCloud Keychain, and more, and can also deploy the InvisibleFerret backdoor for persistent access. Source: MSN News