DEFENSESTORM
Thought leadership and customer testimonials are some of the many ways we build a community of trust. These resources highlight our recent research and success stories.
Threat Alerts
Xenomorph, an Android banking trojan, has resurfaced in a more advanced form. Originally discovered in early 2022, this malicious software was initially targeted at European banks using screen overlay phishing techniques and was distributed through Google Play. However, the latest iteration of Xenomorph has expanded its scope to include over 35 financial institutions in the United States and various cryptocurrency applications.
Threat Alerts
If you haven’t already, you will likely begin to see cyber news headlines about a massive data exposure related to Microsoft. While the exposure is bad and nothing to overlook, the report coming from Microsoft is that “No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue.” This was taken directly from Microsoft’s Security Research and Defense page.
Threat Alerts
With the recent natural disasters that have occurred, it’s important to be aware that bad actors will attempt to leverage those devastating incidents for gain. CISA has released a warning urging users to be aware of malicious activity when these types of incidents occur. Please read the alert from CISA below.
Threat Alerts
While nothing official has been published by LinkedIn at the time of this post, accounts on the platform appear to be coming under attack in some type of hacking campaign of unknown origin. Users are reporting on multiple other outlets that their accounts have been taken over, that they have been locked out of their accounts, and that they are having difficulty resetting accounts to regain access.
Threat Alerts
Internal communication applications, i.e., Slack, MS Teams, etc. Criminals are establishing domains that appear to be from legitimate technical support entities and then attempting to reach out to individuals to gain access to target users’ devices. The article below, authored by Microsoft Threat Intelligence and taken directly from Microsoft, provides additional detail and threat actor attribution for these types of attacks.
Threat Alerts
Earlier in June, DefenseStorm became aware of a vulnerability disclosure involving MOVEit and posted an article. The casualty list for this vulnerability is growing by the day, largely due to exploitation of unpatched instances by the Clop Ransomware gang.
This is an update and a reminder to stay current on patching and to patch the MOVEit vulnerabilities as soon as possible.
Threat Alerts
Since March of 2023, a new mobile malware has been pushing the Android banking trojan “Anatsa” to online banking customers located in the United States, United Kingdom, Austria, Switzerland and Germany. It has since become one of the most prolific pieces of banking malware, targeting over 400 financial institutions across the world.
Threat Alerts
On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was discovered in Fortinet’s popular FortiGate firewalls, posing a significant security risk for organizations relying on these devices for network protection. The vulnerability, identified as a critical flaw, could potentially allow malicious actors to execute arbitrary code on affected FortiGate firewalls.
Threat Alerts
DefenseStorm is aware of the recent disclosure of the Barracuda Email Security Gateway Application (ESG) Vulnerability and has been actively monitoring for potential Indications of Compromise.