The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. (The Hacker News)
“A well-known threat vector is using malicious Google ads to spoof well-known brands. These attacks often begin with users being lured to fake websites via the said ads, where they are prompted to download a malicious file containing PowerShell scripts that then lead to further malware infections. FIN7, active since 2013 and known for evolving its tactics, has leveraged these malvertising techniques recently to effectively bypass security mechanisms and deliver a range of malware. The abuse of signed MSIX files has prompted Microsoft to disable the protocol handler by default to mitigate such threats, thus impacting future updates and patching, which in turn will create an even larger issue of not being able to add future security measures, potentially leading to issues down the road for organizations.” – Andrew Tucker, Tier III SOC Analyst / Junior Cybersecurity Consultant at Ingalls Information Security
Newly discovered vulnerabilities in F5 Networks' BIG-IP Next Central Manager could allow an attacker to gain full control over, and create hidden accounts inside of, any F5-brand assets. (Dark Reading)
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. (Ars Technica)
The US Food and Drug Administration (FDA) has issued a Class I recall for the t:connect mobile app on iOS, which is used to monitor and control the t:slim X2 insulin pump used by people with diabetes. It was supposedly the first smartphone app that can program insulin doses that the FDA had approved. The agency issued the highest level of recall it could, because the app had serious software problems that could have caused life-threatening conditions or even death. In fact, while there were no mortalities reported, the FDA received 224 injury reports as of April 15. (Engadget)
Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. (BleepingComputer)
Microsoft has telegraphed its desire to start shuttering some legacy Windows systems. Here’s how to get ahead of the security changes that will inevitably come to the platform. (CSO)
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev.
In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs. (The Hacker News)
The bug was nearly identical to — but not as serious as — "CitrixBleed" (CVE-2023-4966), a critical zero-day vulnerability in the same two technologies that Citrix disclosed last year, according to researchers who discovered and reported the flaw to Citrix in January. (Dark Reading)