Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network.
Read on:
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
In September, Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is known for sending its malicious emails as replies to preexisting email chains, a tactic that lowers a victim’s guard against malicious activities. To be able to pull this off, Trend Micro believes it involved the use of a chain of both ProxyLogon and ProxyShell exploits.
Hackers Breach Los Angeles Planned Parenthood Network
Planned Parenthood Los Angeles said it is investigating a cyberattack that compromised the personal information of thousands of patients. The reproductive healthcare provider is notifying approximately 400,000 patients whose name, address, insurance and other identifying information were breached. Clinical information, which can include details of a patient’s diagnosis, procedures and prescriptions, was taken in the hack.
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
Trend Micro recently observed BazarLoader adding two new arrival mechanisms to its current roster of malware delivery techniques. Trend Micro continues to monitor the campaigns using information stealer BazarLoader, while InfoSec forums have also noted the spike in detections during the third quarter.
House Passes Bipartisan Bills to Strengthen Network Security, Cyber Literacy
The House on Wednesday passed three bipartisan bills intended to shore up network security and increase cyber literacy across the nation, following a difficult year fraught with several significant cybersecurity attacks.
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
Trend Micro has been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware have been covered by other researchers, this blog entry focuses on the malicious actor’s latest attacks.
Hacker, Journalist Among CISA Directors’ 23 New Cybersecurity Advisors
Cybersecurity and Infrastructure Security Agency Director Jen Easterly appointed cybersecurity journalist Nicole Perlroth and Jeff Moss, a prominent leader in the hacker community, to a Cybersecurity Advisory Committee that is otherwise dominated by industry representatives.
Trend Micro Cloud One Network Security-as-a-Service
Trend Micro, alongside Amazon Web Services (AWS), has worked to provide the latest in cloud-native deployment options via AWS services such as AWS Transit Gateway, AWS Gateway Load Balancer, and AWS Network Firewall. Now, together, we have been able to simplify network security even further, enabling customers to add protection across Virtual Private Clouds (VPCs) without needing agents to be installed on instances
Suspected Chinese Hackers Breach More US Defense and Tech Firms
A suspected Chinese hacking campaign has breached four more US defense and technology companies in the last month, and hundreds more US organizations are running the type of vulnerable software that the attackers have exploited. Globally, at least 13 organizations total in sectors such as defense, health care, energy and transportation are now confirmed to have been breached.
What You Can Do to Mitigate Cloud Misconfigurations
Cloud misconfigurations can become opportunities for cyberattacks or lead to data breaches. Organizations must mitigate them before incurring significant and costly consequences. This blog explores ways misconfigurations leave an impact on business and cloud security.
New Ransomware Variant Could Become Next Big Threat
Enterprise security teams might want to add "Yanluowang" to the long and growing list of ransomware threats they need to watch out for. Researchers from Symantec say a threat actor who has been mounting targeted attacks against US organizations since at least August recently began to use the new ransomware in its campaigns.
Analyzing How TeamTNT Used Compromised Docker Hub Accounts
In early November, Trend Micro disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor. While those accounts have now been removed, Trend Micro investigated TeamTNT’s activities in connection with these compromised accounts.
COP26 Backs Electric Vehicles to Reduce Climate Change
Last October, the 2021 United Nations Climate Change Conference started discussions on how countries plan to address the looming threat of climate change. During the event this year, electric vehicles (EVs) are expected to take center stage as one of the various ways countries can mitigate climate change.
Security for the Next-Generation Retail Supply Chain
What will shopping and retail be like in the future? In a new research report, Trend Micro reviewed today's technologies to predict what is in store for retail in 2030 and what that means for security.
Assumed to be the successor of the Ryuk ransomware, Conti is currently one of the most notorious active ransomware families used in high-profile attacks. In this blog, read about this ransomware family and how to protect your company against its threat.
Investigating the Emerging Access-as-a-Service Market
In a new research report, Trend Micro examines an emerging business model that involves access brokers selling direct access to organizations and stolen credentials to other malicious actors. The report explores how attackers get into a victims system and what they need in order to enter the network.
Examining Erratic Modern Ransomware Activities: Ransomware in Q3 2021
Modern ransomware operators were active in the third quarter of 2021, specifically the distributors of the REvil (aka Sodinokibi) ransomware family. In early July, it was reported that malicious actors exploited zero-day vulnerabilities in the IT management platform Kaseya’s VSA software to push a malicious script onto vulnerable customers.
What do you think about Squirrelwaffle’s latest exploits and hijacks? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.