Cybersecurity researchers have uncovered a campaign targeting European hospitality staff that uses fake booking-cancellation emails and fake Blue Screen of Death (BSoD) pages to deliver the DCRat (DarkCrystal RAT) remote access trojan. The operators lean on living-off-the-land techniques, abusing tools already present on the host, together with evasion tactics that reduce the malware's footprint for endpoint detection.
The financially motivated threat actor group Magnet Goblin is rapidly weaponizing one-day vulnerabilities (flaws that are already publicly disclosed and patched, but not yet applied by victims) to breach edge devices and public-facing services, deploying the Nerbian RAT and MiniNerbian on compromised hosts. Its attacks have targeted unpatched Ivanti Connect Secure VPN, Magento, and Qlik Sense instances, and possibly Apache ActiveMQ servers; the group has been active since at least January 2022. The deployed malware executes arbitrary commands and exfiltrates the results to a command-and-control server, and the group also uses the WARPWIRE JavaScript credential stealer, the Ligolo tunneling software, and legitimate remote desktop products. Because the flaws are one-days rather than zero-days, the exposure window is set by how quickly internet-facing appliances are patched after a vendor advisory.
Microsoft Defender for Endpoint has introduced an automatic attack disruption feature that isolates compromised user accounts to prevent lateral movement in hands-on-keyboard attacks. The capability temporarily contains suspicious identities so that attackers cannot use them to escalate privileges, move laterally, steal credentials, exfiltrate data, or encrypt files remotely. When an early stage of a human-operated attack is detected, the feature blocks the attack on the affected device and protects other devices in the organization by blocking incoming malicious traffic from it. Microsoft says that since its introduction over 6,500 devices have been protected from ransomware campaigns. Defender for Endpoint can also isolate compromised and unmanaged Windows devices, cutting off lateral movement within the network.
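To make the identity-containment idea concrete, here is an added example (not Microsoft's detection logic and not code from the original article) of the kind of lateral-movement heuristic a containment decision can be driven by: an account that performs network logons to many distinct hosts within a short window is flagged, and the output lists the account to contain and the hosts it reached to isolate. The sample event lines, the two-minute window and the four-host threshold are constructed assumptions for illustration.

```python
"""
Illustrative lateral-movement heuristic over Windows Security events.
Added example; not Microsoft Defender's detection logic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format, one per line):
#   timestamp account source_workstation target_host event_id logon_type
# EventID 4624 is a successful logon; LogonType 3 is a network logon,
# which is what remote SMB/WMI/RPC access from one host to another produces.
SAMPLE_EVENTS = """
2024-03-11T09:00:05 svc-backup WS-042 FS-01 4624 3
2024-03-11T09:00:09 svc-backup WS-042 FS-02 4624 3
2024-03-11T09:00:14 svc-backup WS-042 SQL-01 4624 3
2024-03-11T09:00:20 svc-backup WS-042 DC-01 4624 3
2024-03-11T09:00:27 svc-backup WS-042 HR-APP 4624 3
2024-03-11T09:01:00 jsmith WS-017 FS-01 4624 3
2024-03-11T09:15:00 jsmith WS-017 PRINT-01 4624 3
2024-03-11T09:20:00 jsmith WS-017 WS-017 4624 2
"""


def parse_events(text):
    """Parse the constructed log format, keeping only successful network logons."""
    events = []
    for line in text.strip().splitlines():
        ts, account, source, target, event_id, logon_type = line.split()
        if event_id != "4624" or logon_type != "3":
            continue  # interactive/other logons are not lateral movement here
        events.append({
            "time": datetime.fromisoformat(ts),
            "account": account,
            "source": source,
            "target": target,
        })
    return events


def detect_lateral_movement(events, window=timedelta(minutes=2), threshold=4):
    """Return {account: sorted hosts} for accounts that reach at least
    `threshold` distinct hosts via network logon inside any `window`.
    Hosts from every qualifying window are unioned, so the containment
    step sees everything the identity touched, not just the first burst."""
    by_account = defaultdict(list)
    for ev in events:
        by_account[ev["account"]].append(ev)

    flagged = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["time"])
        reached = set()
        for i, start in enumerate(evs):
            # sliding window anchored at each event, forward in time only
            hosts = {ev["target"] for ev in evs[i:]
                     if ev["time"] - start["time"] <= window}
            if len(hosts) >= threshold:
                reached |= hosts
        if reached:
            flagged[account] = sorted(reached)
    return flagged


def containment_plan(flagged):
    """Map detections onto the two disruption actions the text describes:
    contain the identity, and isolate the devices it reached."""
    return {
        "contain_accounts": sorted(flagged),
        "isolate_devices": sorted({h for hosts in flagged.values() for h in hosts}),
    }


if __name__ == "__main__":
    plan = containment_plan(detect_lateral_movement(parse_events(SAMPLE_EVENTS)))
    print("contain accounts:", plan["contain_accounts"])
    print("isolate devices: ", plan["isolate_devices"])
```

On the constructed sample, svc-backup touches five servers in 22 seconds and is flagged, while jsmith's two network logons 14 minutes apart (and its interactive logon, which is filtered out) stay below the threshold. A real deployment would tune the window and threshold per account type, since backup and scanning service accounts legitimately fan out across hosts.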
Apple has released urgent security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that is being actively exploited. The vulnerability, tracked as CVE-2023-37450, is a WebKit bug that could allow arbitrary code execution when a victim processes specially crafted web content. Apple has now addressed 10 zero-day vulnerabilities in its software this year, including three recently patched zero-days linked to an espionage campaign. However, Apple has since pulled the update after reports that it broke compatibility with certain websites, so devices that have not yet installed it remain exposed until a corrected release is available.
Cigent has developed the Secure SSD+, a flash drive with built-in ransomware prevention: machine learning models on the drive monitor disk access patterns and block access when they detect ransomware-like activity. The drive is positioned as a preventative control rather than a tool for recovering from an attack that has already happened. It is designed to work with Cigent's Data Defense platform, which lets IT and security personnel monitor and manage the drives, set policies, reset PINs, and receive ransomware alerts.