DEFENSESTORM

RESOURCES

Thought leadership and customer testimonials are some of the many ways we build a community of trust. These resources highlight our recent research and success stories.

DefenseStorm cyber security monitoring.
Everything You Need to Know About the Alleged AT&T Data Leak

Threat Alerts

Everything You Need to Know About the Alleged AT&T Data Leak

Reports of a massive AT&T data leak have surfaced, with around seventy million customers potentially affected. The data is reportedly for sale on a leak forum or website.

AnyDesk Threat Alert

Threat Alerts

AnyDesk Threat Alert

DefenseStorm is aware of an incident involving  AnyDesk and the compromise of some of their production systems.  The incident was reported by AnyDesk on 2/2/2024.  We have not been able to locate any usable technical details or IOCs at this time.  AnyDesk is a widely used remote desktop software that allows users to access and control computers from anywhere in the world.

Critical Severity Authentication Vulnerability: CVE-2023-22518

Threat Alerts

Critical Severity Authentication Vulnerability: CVE-2023-22518

A recent vulnerability has been discovered for Confluence Server and Data Center and is being tracked as CVE-2023-22518.  At this time of this writing, this vulnerability is NOT known to have been exploited; however, Atlassian is recommending that those impacted take immediate action.  The below information was taken directly from the Atlassian FAQ page for CVE-2023-22518, and the page was last updated on November 1, 2023.

Malware: Xenomorph Android Banking Trojan

Threat Alerts

Malware: Xenomorph Android Banking Trojan

Xenomorph, an Android banking trojan, has resurfaced in a more advanced form. Originally discovered in early 2022, this malicious software was initially targeted at European banks using screen overlay phishing techniques and was distributed through Google Play. However, the latest iteration of Xenomorph has expanded its scope to include over 35 financial institutions in the United States and various cryptocurrency applications. 

PSA – MICROSOFT MITIGATES DATA EXPOSURE

Threat Alerts

PSA – MICROSOFT MITIGATES DATA EXPOSURE

If you haven’t already, you will likely begin to see cyber news headlines about a massive data exposure related to Microsoft.  While the exposure is bad and nothing to overlook, the report coming from Microsoft is that “ No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue.” This was taken directly from Microsoft’s Security Research and Defense page.   

PSA – CISA Warns of Hurricane Related Scams

Threat Alerts

PSA – CISA Warns of Hurricane Related Scams

With the recent natural disasters that have occurred, it’s important to be aware that bad actors will attempt to leverage those devasting incidents for gain.  CISA has released a warning urging users to be aware of malicious activity when these types of incidents occur.  Please read the below alert from CISA.

Possible LinkedIn Account Hijacking Campaign

Threat Alerts

Possible LinkedIn Account Hijacking Campaign

While nothing official has been published by LinkedIn at the time of this post, accounts on the platform appear to be coming under attack in some type of hacking campaign of unknown origin.  Users are reporting on multiple other outlets that their accounts have been taken over, locked out of their accounts, and having difficulty resetting accounts to regain access

PSA – Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Threat Alerts

PSA – Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Internal communication applications, IE: Slack, MS Teams, etc.  Criminals are establishing domains that appear to be from legitimate technical support entities and then attempting to reach out to individuals to gain access to target users’ devices.  The below article was authored by Microsoft Threat Intelligence and taken from Microsoft directly and provides additional detail and threat actor attribution for these types of attacks.

MOVEit Critical Transfer Vulnerability

Threat Alerts

MOVEit Critical Transfer Vulnerability

Earlier in June DefenseStorm became aware of a  vulnerability disclosure involving MOVEit and posted an article.  The casualty list for this vulnerability is growing by the day largely due to exploitation by the Clop Ransomware gang of unpatched instances.

This is an update and reminder to please stay updated on patching and patch for the MOVEit vulnerabilities as soon as possible.

Malware – Anatsa Banking Trojan for Android

Threat Alerts

Malware – Anatsa Banking Trojan for Android

Since March of 2023 a new mobile malware has been pushing the Android banking trojan “Anatsa” to online banking customers located in the United States, United Kingdom, Austria, Switzerland and Germany. It has since become one of the most prolific banking malware, targeting over 400 financial institutions across the world.

Vulnerability – Fortinet Releases Security Updates for FortiOS and FortiProxy

Threat Alerts

Vulnerability – Fortinet Releases Security Updates for FortiOS and FortiProxy

On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was discovered in Fortinet’s popular FortiGate firewalls, posing a significant security risk for organizations relying on these devices for network protection. The vulnerability, identified as a critical flaw, could potentially allow malicious actors to execute arbitrary code on affected FortiGate firewalls.

Barracuda Email Security Gateway Application (ESG) Vulnerability- CVE-2023-2868

Threat Alerts

Barracuda Email Security Gateway Application (ESG) Vulnerability- CVE-2023-2868

Defensestorm is aware of the recent disclosure of the Barracuda Email Security Gateway Application (ESG) Vulnerability and has been actively monitoring for potential Indications of Compromise.