Author: DEFENDEDGE
-
TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise
Original release date: March 17, 2021 CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations. This information will assist network defenders… Read more
-
AA21-076A: TrickBot Malware
Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot… Read more
-
CISA-FBI Joint Advisory on TrickBot Malware
Original release date: March 17, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that… Read more
-
Microsoft Releases Exchange On-premises Mitigation Tool
Original release date: March 16, 2021 Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates.… Read more
-
Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices
A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices. Read more
-
Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix
Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress. Read more
-
Google Releases Spectre PoC Exploit For Chrome
Google has released the side-channel exploit in hopes of motivating web-application developers to protect their sites. Read more
-
Cybersecurity Bug-Hunting Sparks Enterprise Confidence
A survey from Intel shows that most organizations prefer tech providers to have proactive security, but few meet security expectations. Read more
-
Cyberattacks See Fundamental Changes, A Year into COVID-19
A year after COVID-19 was officially determined to be a pandemic, the methods and tactics used by cybercriminals have drastically changed. Read more
-
Vulnerability Summary for the Week of March 8, 2021
Original release date: March 15, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info arubanetworks — airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary… Read more