2022, Infrastructure and Malware

Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134

Lacework

JUNE 7, 2022

Details regarding the recent Confluence OGNL ( CVE-2022-26134 ) exploit were released to the public on June 3rd 2022. While this was expected, there appears to be more widespread exploitation of CVE-2022-26134 compared to previous Confluence vulnerabilities. Username first seen in early May with various malware.

Malware

Malware Infrastructure IoT Azure

Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers

Tenable

MAY 16, 2024

Unlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit. One of the most common cryptomining threats for cloud environments is the Kinsing malware. It was first spotted at the end of 2022 in China.

Malware

Malware Cloud Open Source Systems Administration

How Watchdog smuggles malware into your network as uninteresting photos

Lacework

JULY 15, 2022

This ancient technique has found its place in the world of malware, namely hiding malicious code within other files including image formatted files ( T1027.003 ). General indicators and signatures for steg malware are provided in the hunting section. Steg malware is uncommon relative to other malware. Malware Details.

Malware

Malware Network Storage Groups

Webinars

Apache Airflow®: The Ultimate Guide to DAG Writing

From Start to Scale: Driving Growth Through Seamless Payments Implementation

MORE WEBINARS

More connected, less secure: Addressing IoT and OT threats to the enterprise

CIO

NOVEMBER 14, 2023

These issues are akin to leaving the front door to your digital infrastructure unlocked. Malware is the top threat to IoT/OT With so many vulnerabilities plaguing IoT devices, these devices are attractive and relatively easy entry points into corporate networks for attackers. of the total number of attempted IoT malware attacks.

IoT

IoT Enterprise Malware Authentication

Radar trends to watch: May 2022

O'Reilly Media - Ideas

MAY 3, 2022

It’s infrastructural, it doesn’t risk incorporating biases or significant ethical problems, and (if it works) it improves the quality of human life. 2022 promises to be an even bigger year for cryptocrime than 2021. It’s adaptable to other critical infrastructure systems. It’s probably a better experience in VR.

Artificial Inteligence

Artificial Inteligence Trends Energy Software Review

Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors

Tenable

NOVEMBER 19, 2024

critical infrastructure with the intent to maintain persistent access. critical infrastructure, showing a specific interest in operational technology (OT) environments. critical infrastructure, showing a specific interest in operational technology (OT) environments. and beyond.

Infrastructure

Infrastructure Software Review Malware Systems Review

A Tale of Two CIO Priorities: It’s the Best Security for IT Infrastructure, It’s the Worst for Cyber Criminals

CIO

AUGUST 2, 2022

Yet, in 2022, the first three conversations are laser-focused on cybersecurity and how storage is a critical element of an overall corporate cybersecurity strategy. If an enterprise does not have the proper level of cyber resilience built into its storage and data infrastructure, there is a huge gap.

Infrastructure

Infrastructure Storage Strategic Planning Enterprise

Is a Deep Cover “Cyber Spy” Lurking in Your Data Infrastructure?

Infinidat

FEBRUARY 24, 2022

Is a Deep Cover “Cyber Spy” Lurking in Your Data Infrastructure? Thu, 02/24/2022 - 11:57. The answer is none, but most of the time enterprise organizations don’t even know that a cybercriminal has infiltrated their data center, network, storage, and servers, compromising their data infrastructure. Evan Doherty.

Infrastructure

Infrastructure Backup Data Storage

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability

Tenable

FEBRUARY 9, 2024

critical infrastructure through exploitation of known vulnerabilities Background On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system. and international agencies. CISA, NSA and FBI warns of pre-positioning by Volt Typhoon in U.S.

Malware

Malware Authentication Infrastructure Analysis

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021

Tenable

AUGUST 4, 2022

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021. International cybersecurity agencies issue a joint alert outlining the top malware strains of 2021. While malware is used for a variety of purposes, the government agencies point out that ransomware is a primary use case. CVE-2022-30190.

Malware

Malware Windows SMB Groups

Learning From the Past — Ten 2022 Cybersecurity Events to Know

Palo Alto Networks

DECEMBER 29, 2022

Last year’s most popular posts on the Unit 42 Threat Research blog let us examine what the events of 2022 can tell us about the year to come. Even before the beginning of the recent events starting in February 2022, there was significant cybersecurity activity in Eastern Europe. All Eyes on Eastern Europe. Beginning on Jan.

Malware

Malware Linux Telecommunications Government

Cybersecurity Snapshot: Attackers Hack Routers To Hit Critical Infrastructure, as CISA Calls for More Secure Router Design

Tenable

FEBRUARY 2, 2024

CISA is calling on router makers to improve security, because attackers like Volt Typhoon compromise routers to breach critical infrastructure systems. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week in the alert “ Security Design Improvements for SOHO Device Manufacturers. ”

Infrastructure

Infrastructure Open Source Software Review ChatGPT

CVE-2022-23648 in Containerd's CRI Plugin Could Allow for Container Breakout

Aqua Security

MARCH 28, 2022

First, the vulnerability shows up in the container image, not in the Kubernetes manifests, so it’s harder to spot with infrastructure-as-code (IaC) or admission control solutions. Second, it uses standard container image commands, so it’s not easily detected by malware scanning agents.

Malware

Malware Infrastructure

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry

TechCrunch

MARCH 2, 2022

Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”.

Industry

Industry Pharmaceuticals AWS Report

Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine

Tenable

FEBRUARY 24, 2022

We’re urging all orgs to put #ShieldsUp to: - Reduce the likelihood of a cyber intrusion - Quickly detect a potential intrusion - Ensure you’re prepared to respond - Maximize resilience 3/4 — Jen Easterly (@CISAJen) February 12, 2022. Critical Infrastructure.” The targeting activity spans from January 2020 through February 2022.

Government

Government Malware Groups Network

Radar Trends to Watch: December 2022

O'Reilly Media - Ideas

DECEMBER 6, 2022

The popularity of cryptojacking (mining cryptocurrency with malware planted in someone else’s applications) continues to rise, as the collapse in cryptocurrency prices makes legitimate mining unprofitable. A threat group named Worok is using steganography to hide malware within PNG images. Its intent is to detect vulnerabilities.

Artificial Inteligence

Artificial Inteligence Trends Blockchain Malware

Cybersecurity Snapshot: Cyber Engineers and Architects Saw Salaries Spike in 2022

Tenable

FEBRUARY 24, 2023

technology employees in 2022, and the pay growth was even higher for cybersecurity architects and engineers, whose compensation benefitted from their highly specialized skills and the criticality of their jobs. in 2022 to $111,348, and, despite tech industry layoffs, tech unemployment stood at only 1.5% in 2022 to $96,379.

Security

Security Engineering Technical Review IoT

CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?

Tenable

AUGUST 26, 2024

Conventional wisdom suggests the keys to protect critical infrastructure against cyberattacks are network segmentation and OT security. In fact, a CISA probe of 121 critical infrastructure networks found that their weakest link is identity compromise. Coast Guard (USCG), probed the networks of 121 critical infrastructure organizations.

Infrastructure

Infrastructure Malware Network Windows

The most important theme from AWS re:Inforce 2022

Lacework

AUGUST 17, 2022

AWS re:Inforce was back in person in Boston for the 2022 edition. The conference features a couple of announcements from AWS—mainly Amazon GuardDuty’s support for scanning EBS volumes for malware and Amazon Detective’s support for Amazon EKS workload investigation. The one critical takeaway. I’m actually happy about that.

AWS

AWS Programming Malware Recruiting

Landmark EU Law Strengthens Cybersecurity of Critical Infrastructures

Palo Alto Networks

DECEMBER 20, 2022

The European Union (EU) adopted the revised Network and Information Security Directive (NIS2) in November 2022. It is especially important in a time of growing geopolitical tensions and cyberattacks where European citizens and their economies depend on a stable and secure digital infrastructure.

Security

Security Infrastructure Report Network

FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group

Tenable

MARCH 3, 2023

Background As part of their #StopRansomware campaign, the Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have released a cybersecurity advisory (CSA) discussing the Royal ransomware group. Analysis When the threat actor behind Royal emerged in January 2022, it was using the ALPHV/BlackCat ransomware.

Groups

Groups Systems Review Technical Review Software Review

Cybersecurity Snapshot: Critical Infrastructure Orgs Cautioned About Chinese Drones, While Water Plants Advised To Boost Incident Response

Tenable

JANUARY 19, 2024

Find out why Uncle Sam is warning critical infrastructure facilities about drones made in China, while urging water treatment plants to beef up incident response plans. In addition, the latest on the Androxgh0st malware. 1 - Critical infrastructure orgs warned about using Chinese drones Here’s a warning from the U.S.

Infrastructure

Infrastructure Malware Government Technical Review

DoControl raises $30M for no-code security tools for cloud app log-ins

TechCrunch

APRIL 14, 2022

trillion in IT spend overall in 2022. ” “When [CrowdStrike] detects malware on the end point we can find and remove the log-in,” he said, adding that CrowdStrike turning to a third party like DoControl for this work is a “testament to how hard all this is.”

Cloud

Cloud Tools Authentication Google Cloud

Hiring Remote Developers Versus Relocation – What To Choose in 2022?

Hacker Earth Developers Blog

JANUARY 26, 2022

This tactic is much more cost-efficient than relocation as long as the software engineering or web design workflow is backed by proper administrative support, digital infrastructure, and the security of collaboration at a distance. David is a computer security researcher with over 17 years of experience in malware analysis.

Development Team Review

Development Team Review Technical Review Development Software Review

CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately

Tenable

AUGUST 30, 2023

As part of the investigation, Mandiant discovered that attackers had been exploiting the vulnerability as a zero-day as early as October 2022. In these attacks, UNC4841 leveraged multiple backdoor malware families, dubbed SALTWATER , SEASPY , SEASIDE , SUBMARINE (DEPTHCHARGE), and WHIRLPOOL. Mandiant refers to this group as UNC4841.

Malware

Malware Software Review Systems Review Exercises

U.S. and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group

Tenable

MAY 18, 2023

Background As part of the #StopRansomware campaign, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. Background As part of the #StopRansomware campaign, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) in the U.S.

Groups

Groups Systems Review Malware Technical Review

New Lacework report reveals increase in sophisticated cloud attacks

Lacework

MARCH 29, 2022

They never miss an opportunity to cash in, whether they take advantage of common cloud configuration mistakes, target software supply chains, or adapt malware to evade detection. Across our dataset, 31% of malware infections that we tracked during this period stemmed from Log4j exploitation as the initial infection vector.

Report

Report Cloud Malware Linux

Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

Tenable

NOVEMBER 8, 2024

Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. Cybersecurity and Infrastructure Security Agency (CISA). That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Resources

Resources Malware Generative AI Artificial Inteligence

Radically Reduce Downtime and Data Loss with SaaS-based Disaster Recovery

CIO

OCTOBER 18, 2022

As 2022 wraps up, many IT leaders are re-evaluating their current infrastructure to understand how they can continue to modernize, reduce complexity at scale and — most importantly — protect their organization. But it’s not just the price tag.

Disaster Recovery

Disaster Recovery Technical Review Data Journal

3 Ways to Make Storage a Strategic Asset for Your Organization (Not Just an IT Cost)

CIO

SEPTEMBER 7, 2022

Storage has emerged in 2022 as a strategic asset that the C-suite, not just the CIO, can no longer overlook. This means that every possession in a company’s storage estate needs to be cyber resilient, designed to thwart ransomware, malware, internal cyber threats, and other potential attacks. Reduce IT costs. Key takeaways.

Storage

Storage Organization Disaster Recovery Enterprise

Radar trends to watch: April 2022

O'Reilly Media - Ideas

APRIL 5, 2022

Michigan is starting to build the infrastructure needed to support autonomous vehicles : dedicated lanes, communications, digital signage, and more. Corporate contact forms are replacing email as a vector for transmitting malware. It’s particularly interesting as an example of human-machine collaboration.

Trends

Trends Artificial Inteligence Open Source Artificial Intelligence

Cybersecurity Snapshot: ChatGPT Gets So-So Grade in Code Analysis Test, while JCDC Pledges To Focus on Protecting Critical Infrastructure

Tenable

FEBRUARY 16, 2024

Plus, JCDC will put special focus on critical infrastructure security in 2024. Improve critical infrastructure’s cybersecurity foundation. Accelerate cybersecurity innovation to curb emerging technology threats against critical infrastructure. And scammers leveraged tech tools to steal $10 billion from U.S. consumers last year.

ChatGPT

ChatGPT Software Review Analysis Infrastructure

Cybersecurity Snapshot: CISOs Value Prevention Over Response, While CISA Urges Cyber Teams To Prep for Quantum Attacks

Tenable

AUGUST 25, 2023

government says public- and private-sector organizations alike must start getting ready now – especially critical infrastructure operators. The vast majority of enterprises polled – 95% – experienced multiple cyberattacks in the past 12 months, with phishing (74%), malware (60%) and software vulnerability exploits (50%) being the most common.

Malware

Malware Artificial Inteligence Open Source Artificial Intelligence

Cr8escape: How Tenable Can Help (CVE-2022-0811)

Tenable

MARCH 29, 2022

On March 15, CrowdStrike published technical details and a proof-of-concept for CVE-2022-0811, a vulnerability they have named cr8escape, in the CRI-O Container Engine for Kubernetes. CVE-2022-0811 is a container escape vulnerability in CRI-O that can lead to elevation of privileges. was released to address CVE-2022-0811.

Malware

Malware Policies Linux Open Source

Security Advisory: Critical vulnerabilities in VMware

Lacework

MAY 20, 2022

CVE(s) (if available): CVE-2022-22954, CVE-2022-22955,CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961, CVE-2022-22972, CVE-2022-22973. For more details on Keksec , refer to Lacework Labs’ blogs and Github.

Malware

Malware IoT Authentication Network

What is a Security Operations Center (SOC) and Why Do You Need It?

Kaseya

MAY 2, 2022

According to the trends over the last couple of years, this figure is expected to rise in 2022. However, given the volume of work that IT management entails, it can be very difficult for your IT team to have complete visibility of your IT infrastructure all of the time. And that’s why we have SOC. MDR vs. SOC.

Security

Security Systems Review Network Malware

How to Build a Mobile-First Security Strategy

Ivanti

JUNE 3, 2024

Mobile Ransomware : In 2022, mobile ransomware moved from an experiment to a legitimate threat — from simple overlays that could be dismissed with a reboot to ones that encrypted files and locked down the device for real. Malware : The vast majority of Android malware is delivered from third-party app stores.

Mobile

Mobile Spyware Strategy How To

Critical infrastructure is more vulnerable than ever—your industry could be a prime target

Lacework

SEPTEMBER 6, 2022

One of the only major changes in cybercriminal operations is who their victims are—today, instead of targeting individuals, they’re targeting critical infrastructure. So, why did this shift occur, and which types of critical infrastructure are most at risk? Critical infrastructure is organized into 16 different sectors.

Infrastructure

Infrastructure Industry Transportation Malware

What’s next for network firewalls?

CIO

MAY 23, 2023

The spread of convergence Convergence is important to reducing cybersecurity complexity because it brings together the network and its security infrastructure into a single layer. Here are six predictions for the future of the firewall. We predict that the convergence of networking and security will continue to expand to more areas.

Firewall

Firewall Network WAN Artificial Inteligence

Prisma Cloud Automatically Secures Unprotected Cloud Workloads

Palo Alto Networks

APRIL 28, 2021

New functionality increases automation and detection, simplifies compliance checks and deepens visibility into malware threats for containers and hosts. Enhanced malware analysis for hosts and containers with WildFire integration. Additionally, new anti-malware and exploit prevention capabilities cover hosts and containers.

Cloud

Cloud Malware Serverless Compliance

Introducing New 4th Generation ML-Powered NGFWs

Palo Alto Networks

NOVEMBER 30, 2022

“Palo Alto Networks, long known as the inventors of the next-generation firewall (NGFW), demonstrate real innovation across multiple criteria in the network security space.” – The Forrester Wave™: Enterprise Firewalls, Q4 2022 Report. New Hardware Platform Releases. Read the PA-1400 Series datasheet. Meet the PA-445 and PA-415.

Firewall

Firewall Data Center Hardware Malware

From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

Tenable

OCTOBER 22, 2024

Attackers could exploit Shellshock to gain full control of vulnerable systems, leading to data breaches, service interruptions and malware deployment. BlueKeep was featured in the Top Routinely Exploited Vulnerabilities list in 2022 and was exploited by affiliates of the LockBit ransomware group.

Software Review

Software Review Windows Groups Network

Cybersecurity Consolidation — What It Is and Why You Should Care

Palo Alto Networks

APRIL 18, 2023

According to our global pulse survey of 1,300 C-Suite leaders in What’s Next in Cyber 2022 , 96% of CXOs experienced at least one breach in the past year. The usual reaction by security teams is to review and add products across the entire security spectrum – intrusion prevention, anti-malware, DNS security, WAF and more.

Security

Security Software Review Malware Survey

Veeam Integration with Infinidat Strikes with Lightning-fast Recovery

Infinidat

MAY 12, 2022

Thu, 05/12/2022 - 15:04. Not only does this address the hyper-speed of business and real-time systems, but it also changes the game for building cyber resilience into your data infrastructure. To learn more about Infinidat and VeeamOn, join us at the VeeamON 2022, May 16-19 in Las Vegas (booth B6) and Virtual - [link].

Disaster Recovery

Disaster Recovery Backup Systems Review Technical Review

Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134

Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers

Webinars

Trending Sources

How Watchdog smuggles malware into your network as uninteresting photos

Webinars

More connected, less secure: Addressing IoT and OT threats to the enterprise

Radar trends to watch: May 2022

Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors

A Tale of Two CIO Priorities: It’s the Best Security for IT Infrastructure, It’s the Worst for Cyber Criminals

Is a Deep Cover “Cyber Spy” Lurking in Your Data Infrastructure?

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021

Learning From the Past — Ten 2022 Cybersecurity Events to Know

Cybersecurity Snapshot: Attackers Hack Routers To Hit Critical Infrastructure, as CISA Calls for More Secure Router Design

CVE-2022-23648 in Containerd's CRI Plugin Could Allow for Container Breakout

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry

Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine

Radar Trends to Watch: December 2022

Cybersecurity Snapshot: Cyber Engineers and Architects Saw Salaries Spike in 2022

CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?

The most important theme from AWS re:Inforce 2022

Landmark EU Law Strengthens Cybersecurity of Critical Infrastructures

FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group

Cybersecurity Snapshot: Critical Infrastructure Orgs Cautioned About Chinese Drones, While Water Plants Advised To Boost Incident Response

DoControl raises $30M for no-code security tools for cloud app log-ins

Hiring Remote Developers Versus Relocation – What To Choose in 2022?

CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately

U.S. and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group

New Lacework report reveals increase in sophisticated cloud attacks

Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

Radically Reduce Downtime and Data Loss with SaaS-based Disaster Recovery

3 Ways to Make Storage a Strategic Asset for Your Organization (Not Just an IT Cost)

Radar trends to watch: April 2022

Cybersecurity Snapshot: ChatGPT Gets So-So Grade in Code Analysis Test, while JCDC Pledges To Focus on Protecting Critical Infrastructure

Cybersecurity Snapshot: CISOs Value Prevention Over Response, While CISA Urges Cyber Teams To Prep for Quantum Attacks

Cr8escape: How Tenable Can Help (CVE-2022-0811)

Security Advisory: Critical vulnerabilities in VMware

What is a Security Operations Center (SOC) and Why Do You Need It?

How to Build a Mobile-First Security Strategy

Critical infrastructure is more vulnerable than ever—your industry could be a prime target

What’s next for network firewalls?

Prisma Cloud Automatically Secures Unprotected Cloud Workloads

Introducing New 4th Generation ML-Powered NGFWs

From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

Cybersecurity Consolidation — What It Is and Why You Should Care

Veeam Integration with Infinidat Strikes with Lightning-fast Recovery

Stay Connected