Black Tower Security

Black Tower Security is your white hat MSSP/MDR partner. We provide world-class cybersecurity threat protection with integrity.

By supporting your team with quality, education, and people over profits - we keep you and your cyber assets safe.

02/11/2022

Windows users will want to patch to the latest update. Microsoft released a patch that changes Windows Defender’s registry key for exclusions from being editable by Everyone to being editable only by administrators. Without this change, hackers could exclude their malicious directory from all scans and antivirus activity.



Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine.

02/10/2022

Latest update with Apple pushing patches for a zero-day exploit. If you use iPhones or Macs, be sure to update ASAP!



Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs.

02/09/2022

The FBI has released a warning that SIM swapping has become increasingly prevalent. They provide many recommendations on how to avoid this and how to protect yourself. As an organization, you can also set up geolocation monitoring and alarming for anomalous user logins and behavior to help combat these as well.



https://www.ic3.gov/Media/Y2022/PSA220208

02/07/2022

The Cybersecurity and Infrastructure Security Agency is escalating the need to patch Windows systems for the latest January vulnerabilities. If your team hasn’t pushed the patches yet, this should be an indication that it’s a high priority.



CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pos...

02/06/2022

The FBI released the latest IOCs for LockBit ransomware. Be sure to add these IOCs to your lists, but also consider using a next-gen SIEM or XDR that applies machine learning to find anomalous activity in your systems before you get these types of indicators to look for.



02/03/2022

This points directly to what we’ve been telling our clients. You must monitor for anomalous behavior. Too many people depend solely on IOCs and basic rules. Attackers have gotten wise to that.



A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies.

02/02/2022

“By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot and Virtualization-Based Security isolation.”



Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers.

01/26/2022

API security is a gap that many businesses overlook. This podcast offers insight into this rarely considered, real threat that exists within nearly every enterprise network in the world.

"The minute you expose a digital system to a public network, the minute you put a new API online, that API is going to be probed, it's going to be attacked within minutes at a relentless pace on an ongoing basis from then on."



Continuous API security on Tech & Main podcast: "People need guidance on API security issues. We can't hire fast enough. We need tech to fill that gap....

01/26/2022

The FBI released a public advisory regarding an Iranian cyber group. It details their tactics, techniques, and procedures as well as the FBI's recommendations in combatting the group.

“FBI information indicates Emennet poses a broader cybersecurity threat outside of information operations. Since 2018, Emennet has conducted traditional cyber exploitation activity targeting several sectors, including news, shipping, travel (hotels and airlines), oil and petrochemical, financial, and telecommunications, in the United States, Europe, and the Middle East.”


01/25/2022

You may want to harden your Linux servers by applying the latest patches. It was recently disclosed that there’s a bug in every major Linux distro that gives attackers root access.

This link provides more details in tracking the exploitation and the bug itself:
https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-you-root-on-every-major-distro/

Additionally, we recently published ‘20 steps to harden your linux server’. If you’d like additional steps you can take to ensure proper security hygiene on your Linux servers and help against issues like this, you can read about them here:
https://blacktowersec.com/20-steps-to-harden-linux/

Address

Miami, FL
33109
