DEFENSESTORM
Thought leadership and customer testimonials are some of the many ways we build a community of trust. These cyber security resources highlight our recent research and success stories.
Threat Alerts
In April 2024, a known threat actor calling themselves USDoD claimed to possess, and offered for sale, approximately 2.9 billion records from National Public Data, containing personal data on individuals in the US, UK, and Canada.
Threat Alerts
News is emerging about AT&T’s disclosure of what it terms ‘Unlawful Access of Customer Data.’ Records for the majority of AT&T customers were illegally downloaded from AT&T’s workspace on a third-party cloud platform; the stolen records cover the period from May 2022 through October 31, 2022 and, separately, January 2, 2023.
Threat Alerts
In late June 2024, the LockBit cybercriminal group claimed to have breached a government agency and threatened to release the stolen data. It was later revealed that the group had actually breached Evolve Bank & Trust.
Threat Alerts
Reports of a massive AT&T data leak have surfaced, with around seventy million customers potentially affected. The data is reportedly being offered for sale on a leak forum.
Threat Alerts
DefenseStorm is aware of an incident involving AnyDesk and the compromise of some of its production systems. AnyDesk reported the incident on February 2, 2024. We have not been able to locate any usable technical details or IOCs at this time. AnyDesk is widely used remote desktop software that allows users to access and control computers from anywhere in the world.
Threat Alerts
A vulnerability has recently been disclosed in Confluence Server and Data Center and is being tracked as CVE-2023-22518. At the time of this writing, this vulnerability is NOT known to have been exploited; however, Atlassian is recommending that those impacted take immediate action. The information below was taken directly from the Atlassian FAQ page for CVE-2023-22518, which was last updated on November 1, 2023.
Threat Alerts
Xenomorph, an Android banking trojan, has resurfaced in a more advanced form. First identified in early 2022, the malware initially targeted European banks using screen-overlay phishing and was distributed through Google Play. The latest iteration has expanded its scope to more than 35 financial institutions in the United States as well as various cryptocurrency applications.
Threat Alerts
If you haven’t already, you will likely begin to see cyber news headlines about a massive data exposure related to Microsoft. While the exposure is serious and nothing to overlook, Microsoft reports that “No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue.” This statement was taken directly from Microsoft’s Security Research and Defense page.
Threat Alerts
With the recent natural disasters, it’s important to be aware that bad actors will attempt to leverage these devastating events for gain. CISA has released a warning urging users to watch for malicious activity following incidents of this kind. Please read the CISA alert below.
Threat Alerts
While LinkedIn had published nothing official at the time of this post, accounts on the platform appear to be under attack in a hacking campaign of unknown origin. Users on multiple other outlets are reporting that their accounts have been taken over, that they have been locked out, and that they are having difficulty resetting their accounts to regain access.
Threat Alerts
Criminals are targeting internal communication applications such as Slack and MS Teams. They establish domains that appear to belong to legitimate technical-support entities and then reach out to individuals in an attempt to gain access to the targeted users’ devices. The article below, authored by Microsoft Threat Intelligence and taken directly from Microsoft, provides additional detail and threat-actor attribution for these attacks.
Threat Alerts
Earlier in June, DefenseStorm became aware of a vulnerability disclosure involving MOVEit and posted an article. The list of victims is growing by the day, largely because the Clop ransomware gang is exploiting unpatched instances.
This is an update and reminder: please stay current on patching and apply the fixes for the MOVEit vulnerabilities as soon as possible.
Threat Alerts
Since March 2023, a new mobile malware campaign has been pushing the Android banking trojan “Anatsa” to online banking customers in the United States, United Kingdom, Austria, Switzerland, and Germany. Anatsa has since become one of the most prolific banking malware families, targeting over 400 financial institutions worldwide.
Threat Alerts
On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was disclosed in Fortinet’s widely deployed FortiGate firewalls, posing a significant risk for organizations that rely on these devices for network protection. The flaw could allow a malicious actor to execute arbitrary code on affected FortiGate firewalls.
Threat Alerts
DefenseStorm is aware of the recent disclosure of the Barracuda Email Security Gateway (ESG) appliance vulnerability and has been actively monitoring for potential Indicators of Compromise.