Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

Often, an unpatched vulnerability or a phishing email is enough for cybercriminals to gain access to your network. Because the intruders are after valuable assets such as sensitive data or critical systems, the attacker first secures permanent access to the network. Often undetected, he then moves away from the original entry point and penetrates deeper and deeper into the compromised network until the actual target is reached. This technique is called "lateral movement" and describes the attacker's sideways progression through a company network - a procedure that can cause great damage. It is therefore all the more important that you are able to identify and stop attackers promptly.

Cobalt Strike is a commercial program developed by the vendor Strategic Cyber LLC and used primarily by IT companies and security experts. Cobalt Strike can be used to simulate cyber attacks in penetration tests and to identify vulnerabilities in networks before hackers can exploit them. Despite the manufacturer's existing security precautions, however, cyber criminals also manage to obtain what is actually a legitimate security tool and misuse it for malicious purposes. In this article, we take a closer look at how Cobalt Strike works, show why cyber criminals are increasingly using the tool, and explain what IT security managers need to do now to protect their systems.

The artificial intelligence (AI)-powered chatbot ChatGPT from OpenAI can compose texts, conduct dialogues and write program code. The bot thus has enormous potential to make our lives easier in the future. But hackers can also exploit ChatGPT for their criminal purposes by using the AI to create phishing emails, scams or malware. Writing malicious code no longer even requires programming skills. Although the malware generated so far appears to be relatively simple and used only for testing purposes, this could change quickly. Darknet forums are already discussing how the access restrictions of ChatGPT can be circumvented.

Patch Tuesday for February 2023 is just around the corner. Microsoft is releasing patches for 75 CVE vulnerabilities, including three actively exploited zero-day vulnerabilities (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823) that should be patched urgently to prevent, in the worst case, malware from gaining system privileges.

The IT Security Act 2.0 (IT-SiG) has introduced new obligations for operators of critical infrastructures and energy supply networks. Among them is the use of an attack detection system (SzA), which must be proven to the Federal Office for Information Security (BSI) from 1 May 2023. With the Active Cyber Defense (ACD)-KRITIS, Allgeier secion offers a managed detection and response service that is already implemented and operational within 6 weeks!

Criminals are currently exploiting a critical vulnerability in VMware's "ESXi" virtualization platform to infiltrate malicious code and encrypt virtual hard disks. According to media reports, hundreds of companies and institutions in Germany alone could be impacted. The vulnerability has been known for two years - and patched. IT security managers should urgently install the security update published by the manufacturer to prevent their systems from being compromised.

The IT term "air gap" refers to the complete physical separation of a device or network from the internet. It is one of the most radical methods and is used primarily to secure a computer that stores extremely valuable information or controls high-risk processes. The basic idea behind the air gap: without an internet connection, no access to the computer - and without access, no chance for hackers. Nevertheless, computers and networks isolated by an air gap do not guarantee 100 percent protection against compromise attempts. In this article, you will learn how cyber criminals rely on technical-physical methods such as ultrasound, thermodynamics and electromagnetic fields to gain access to supposedly inaccessible data - and what form of manipulation Israeli researchers recently achieved by successfully influencing electromagnetic waves.

In Germany alone, around 10,000 Microsoft on-premise Exchange servers are still not patched against the ProxyNotShell vulnerability, which has been known since September 2022. IT security managers should urgently apply the security update provided by Microsoft to prevent their systems from being compromised.