@WithSecure

90 Followers
9 Following
32 Posts
Cyber security from Europe. Trusted by the world. Formerly F-Secure Business.

Anyone interested in learning more about #DUCKTAIL can read the research into this #malware and operation here --> https://labs.withsecure.com/publications/ducktail-returns


DUCKTAIL returns: Underneath the ruffled feathers | WithSecure™ Labs

In short, the operation consists of an information stealer malware that is delivered to targeted victims that primarily operate in the digital marketing and advertisement space.

Last year, our Mohammad Kazem Hassan Nejad discovered #DUCKTAIL: malware used by a Vietnam-based threat actor to hijack Facebook Business accounts.

Meta has announced a cease-and-desist letter to the operators, & added new Business security features. https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/

The malware threat landscape: NodeStealer, DuckTail, and more

We’re sharing our latest research and analysis into malware campaigns that are targeting online businesses — including newer malware posing as AI tools.

Engineering at Meta

NEWS: Notorious cyber crime group FIN7 is attacking companies using unpatched versions of Veeam’s Backup & Replication software.

The full research, including IOCs, timeline of events, and new tools used by FIN7, is available here >> https://labs.withsecure.com/publications/fin7-target-veeam-servers

#CyberAttack

FIN7 conducts attacks against Veeam backup servers

WithSecure Intelligence identified attacks which occurred in late March 2023 against internet-facing servers running Veeam Backup & Replication software. Our research indicates with high confidence that the intrusion set used in these attacks is consistent with activities attributed to the FIN7 activity group. It is likely that initial access & execution was achieved through a recently patched Veeam Backup & Replication vulnerability, CVE-2023-27532.

For more than 8 years, we have been committed to fixing vulnerabilities in our products that security researchers have identified & reported to us as part of our Vulnerability Reward Program.

From 2015 to 2022, we paid out approximately €200,000 in Bug Bounty Payments for 247 different vulnerabilities that have been discovered in our products and services.

https://www.withsecure.com/en/support/security-advisories

Security advisories

Get the details and fixes for vulnerabilities found in WithSecure™ products.

Just heard #podcast by @mikko and his colleagues from @WithSecure Katie Inns and Antti Laatikainen (no masto handle?). A lot of basic but very important #patching stuff to keep up #security.

Bottom line:
1) Patching in enterprise is much more complex due to dependencies and ownership
2) It is also very very very important to patch „mass blast radius apps on the internet“
3) The trickiness of asset management in bigger envs
4) Threat intel practices for patching are important

… and many more
Like a huge % of breaches within PCI envs happen due to PCI segment 6 failures

For details listen to:

https://cybersecuritysauna.libsyn.com/074-do-you-even-patch-bro

Cyber Security Sauna: 074 | Do you even patch bro?

Vulnerabilities and security gaps are increasingly being identified in software and applications daily. Attackers are often quick to act when any vulnerabilities are made known - even within minutes. You may have heard of the term patching in cyber security, but what is it exactly, and how does it figure into an organization's security posture? WithSecure security consultants Katie Inns and Antti Laatikainen join us to discuss all things patching.

"We’ve been developing machine learning-based cybersecurity systems for many years and began developing automation for analysis in our labs in 2005. ... Since then, we’ve been waiting for our enemies to make the same move, and after 18 years, the wait is over – malware with artificial intelligence has arrived."

Read "Malware and machine learning: A match made in hell" by Mikko Hypponen in Help Net Security >> https://www.helpnetsecurity.com/2023/04/03/machine-learning-malware/

#cybersecurity #artificialintelligence #gpt4 #malware

Malware and machine learning: A match made in hell - Help Net Security

Detecting malicious behavior using machine learning is the best bet against malware that uses LLMs. This is best done with security products.

Help Net Security

In episode 74 of our #CyberSauna podcast, WithSecure’s Antti Laatikainen points out that zero days are expensive, so why would attackers need to use them if there’s a much simpler way in? >> https://www.withsecure.com/en/expertise/podcasts

Cyber Security Podcast | WithSecure™

Check out WithSecure™ cyber security podcast - Cyber Security Sauna full of info, market news, trends, and predictions from leading cyber security professionals

While the campaigns were previously unreported, our DeepGuard technology is preventing these attacks.

However, previous research into OneNote attachments found many endpoint protection solutions parse these attachments incorrectly, making them effective tools for attackers.

Find out more about #Microsoft OneNote abuse, including practical advice for preventing and detecting these attacks, here -> https://www.withsecure.com/en/expertise/blog-posts/take-note-microsoft-onenote-abuse-and-how-to-tackle-it

And you can dig in deep here >> https://labs.withsecure.com/publications/detecting-onenote-abuse

Take Note – Microsoft OneNote abuse and how to tackle it

WithSecure has recently seen a spike in the use of OneNote attachments in phishing emails to infect victims with malware. Here's what you can do to tackle the problem.

NEW: WithSecure researchers are tracking a new spam campaign using malicious #OneNote files to trick users into downloading #malware.

The campaign has mostly hit organizations in France. Companies in the US, the UK & many European countries have also been affected.

The campaign’s emails look like short, generic replies to conversations.

Worried about malicious OneNote attachments?

No need if you follow this advice, courtesy of Jojo O’Gorman and Riccardo Ancarani >> https://www.withsecure.com/en/expertise/blog-posts/take-note-microsoft-onenote-abuse-and-how-to-tackle-it

Take Note – Microsoft OneNote abuse and how to tackle it

WithSecure has recently seen a spike in the use of OneNote attachments in phishing emails to infect victims with malware. Here's what you can do to tackle the problem.