Exploits & Vulnerabilities
This Week in Security News - December 3, 2021
This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network.
Save to Folio
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network.
In September, Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is known for sending its malicious emails as replies to preexisting email chains, a tactic that lowers a victim’s guard against malicious activities. To be able to pull this off, Trend Micro believes it involved the use of a chain of both ProxyLogon and ProxyShell exploits.
Planned Parenthood Los Angeles said it is investigating a cyberattack that compromised the personal information of thousands of patients. The reproductive healthcare provider is notifying approximately 400,000 patients whose name, address, insurance and other identifying information were breached. Clinical information, which can include details of a patient’s diagnosis, procedures and prescriptions, was taken in the hack.
Trend Micro recently observed BazarLoader adding two new arrival mechanisms to its current roster of malware delivery techniques. Trend Micro continues to monitor the campaigns using information stealer BazarLoader, while InfoSec forums have also noted the spike in detections during the third quarter.
The House on Wednesday passed three bipartisan bills intended to shore up network security and increase cyber literacy across the nation, following a difficult year fraught with several significant cybersecurity attacks.
Trend Micro has been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware have been covered by other researchers, this blog entry focuses on the malicious actor’s latest attacks.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly appointed cybersecurity journalist Nicole Perlroth and Jeff Moss, a prominent leader in the hacker community, to a Cybersecurity Advisory Committee that is otherwise dominated by industry representatives.
Trend Micro, alongside Amazon Web Services (AWS), has worked to provide the latest in cloud-native deployment options via AWS services such as AWS Transit Gateway, AWS Gateway Load Balancer, and AWS Network Firewall. Now, together, we have been able to simplify network security even further, enabling customers to add protection across Virtual Private Clouds (VPCs) without needing agents to be installed on instances
A suspected Chinese hacking campaign has breached four more US defense and technology companies in the last month, and hundreds more US organizations are running the type of vulnerable software that the attackers have exploited. Globally, at least 13 organizations total in sectors such as defense, health care, energy and transportation are now confirmed to have been breached.
Cloud misconfigurations can become opportunities for cyberattacks or lead to data breaches. Organizations must mitigate them before incurring significant and costly consequences. This blog explores ways misconfigurations leave an impact on business and cloud security.
Enterprise security teams might want to add "Yanluowang" to the long and growing list of ransomware threats they need to watch out for. Researchers from Symantec say a threat actor who has been mounting targeted attacks against US organizations since at least August recently began to use the new ransomware in its campaigns.
In early November, Trend Micro disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor. While those accounts have now been removed, Trend Micro investigated TeamTNT’s activities in connection with these compromised accounts.
Last October, the 2021 United Nations Climate Change Conference started discussions on how countries plan to address the looming threat of climate change. During the event this year, electric vehicles (EVs) are expected to take center stage as one of the various ways countries can mitigate climate change.
What will shopping and retail be like in the future? In a new research report, Trend Micro reviewed today's technologies to predict what is in store for retail in 2030 and what that means for security.
Assumed to be the successor of the Ryuk ransomware, Conti is currently one of the most notorious active ransomware families used in high-profile attacks. In this blog, read about this ransomware family and how to protect your company against its threat.
In a new research report, Trend Micro examines an emerging business model that involves access brokers selling direct access to organizations and stolen credentials to other malicious actors. The report explores how attackers get into a victims system and what they need in order to enter the network.
Modern ransomware operators were active in the third quarter of 2021, specifically the distributors of the REvil (aka Sodinokibi) ransomware family. In early July, it was reported that malicious actors exploited zero-day vulnerabilities in the IT management platform Kaseya’s VSA software to push a malicious script onto vulnerable customers.
What do you think about Squirrelwaffle’s latest exploits and hijacks? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.