Campaña activa de malware bancario en América latina
Una campaña que apunta al sistema bancario se ha podido observar llevando a cabo actividades contra países como Chile, Argentina y México, el malware relacionado a estas campañas de malware es el denominado “Mekotio” que tiene como objetivo principal el robo de información financiera de la víctima. Según lo comenta welivesecurity en un reporte, Mekotio […]
CISA Releases One Industrial Control Systems Advisory
CISA released one Critical Industrial Control Systems (ICS) advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-193-01 Rockwell Automation Select Communication Modules
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CL0P RANSOMWARE
El grupo de actores maliciosos auto-denominado Cl0p ranwomware surgió alrededor del año 2019, considerado por varios investigadores de ciber seguridad como el sucesor de CryptoMix. Cl0p se ha caracterizado por ser uno de los grupos de ransomware que incorpora miembros de grandes habilidades técnicas y la utilización de métodos sofisticados a la hora de irrumpir […]
CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments.
In June 2023, a Federal Civilian Executive Branch (FCEB) agency observed unexpected events in Microsoft 365 (M365) audit logs. After reporting the incident to Microsoft, network defenders deemed the activity malicious. The goal of this CSA is to enhance organizational cybersecurity posture and position organizations to detect similar malicious activity via implementing the listed logging recommendations.
Organizations that identify suspicious, anomalous activity should contact Microsoft for proceeding with mitigation actions due to the cloud-based infrastructure affected, as well as report to CISA and the FBI. For mitigations that are classified as preventative measures (e.g., steps to take to reduce the risk of network categorized exposure), CISA and FBI strongly encourage that FCEB agencies and critical infrastructure organizations ensure Audit Logging is enabled. Note: See CISA’s Microsoft Exchange Online Microsoft 365 Minimum Viable Secure Configuration Baselines. These minimum viable secure configuration baselines are part of CISA’s Secure Cloud Business Applications (SCuBA) project.
For additional information and guidance, CISA and the FBI encourage network defenders to take the measures listed in this CSA to reduce the likelihood of similar activity and posture for detection.
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data. CISA and […]