The Uptycs threat research team recently came across multiple document samples that download Revenge RAT. The campaign currently seems to be active in Brazil. All of the malware samples we received have the same properties. One of the samples we received has the name “Rooming List Reservas para 3 Familias.docx” (SHA-256: 91611ac2268d9bf7b7cb2e71976c630f6b4bfdbb68774420bf01fd1493ed28c7). The document has only a few detections in VirusTotal.
Uptycs' threat research team identified an XLS document that downloaded a highly vicious payload named Warzone RAT. The payload, also known as “Ave Maria stealer,” can steal credentials and log keystrokes on the victim’s machine. Checkpoint mentioned Warzone early this year when the malware was in its early stage of development.
SecOps and IT administrators have seen plenty of information regarding the GRUB2 BootHole vulnerability. In addition to BootHole, several low to moderate vulnerabilities were also discovered and fixed. While a key recommendation for mitigation is to install OS updates and patches, vendor patches should be carefully tested and incrementally applied to vulnerable assets. Updating the Secure Boot Forbidden Signature Database (dbx) has caused issues in the past. Initial GRUB2 patches from Red Hat caused boot issues for some RHEL and CentOS machines.
Microsoft released multiple security updates on Tuesday, July 14, including one for a remote code execution vulnerability for their DNS server.
Having the ability to aggregate and analyze data across multiple systems is a necessity for companies of all sizes, primarily for security and compliance reasons. For most businesses, SIEM (security information and event management) tools fulfill this function. But SIEM solutions as they are traditionally used can be costly, a problem that eventually leads most security professionals to make important decisions based on dollars and cents rather than actual security needs.
A cyber security strategy is fundamental in helping your company take a proactive approach to security instead of reacting to every new threat, which can be time consuming and expensive. Whether you have an outdated strategy in place or you are starting from scratch, you can use this guide to get started building an effective and strategic cyber security plan.