¡Únase a nosotros en SASE Summit de Netskope, llegando a una ciudad cerca de usted! Regístrese ahora

  • Servicio de seguridad Productos Edge

    Protéjase contra las amenazas avanzadas y en la nube y salvaguarde los datos en todos los vectores.

  • Borderless SD-WAN

    Proporcione con confianza un acceso seguro y de alto rendimiento a cada usuario remoto, dispositivo, sitio y nube.

  • Plataforma

    Visibilidad inigualable y protección contra amenazas y datos en tiempo real en la nube privada de seguridad más grande del mundo.

La plataforma del futuro es Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) y Private Access for ZTNA integrados de forma nativa en una única solución para ayudar a todas las empresas en su camino hacia el Servicio de acceso seguro Arquitectura perimetral (SASE).

Todos los productos
Vídeo de Netskope
Borderless SD-WAN: el comienzo de la nueva era de la empresa sin fronteras

Netskope Borderless SD-WAN offers an architecture that converges zero trust principles and assured application performance to provide unprecedented secure, high-performance connectivity for every site, cloud, remote user, and IoT device.

Read the article
Borderless SD-WAN
Netskope ofrece una estrategia de seguridad cloud moderna, con capacidades unificadas para los datos y protección frente a amenazas, además de un acceso privado seguro.

Explora nuestra plataforma
Vista aérea de una ciudad metropolitana
Cambie a los servicios de seguridad en la nube líderes del mercado con una latencia mínima y una alta fiabilidad.

Más información sobre NewEdge
Lighted highway through mountainside switchbacks
Habilite de forma segura el uso de aplicaciones de IA generativa con control de acceso a aplicaciones, capacitación de usuarios en tiempo real y la mejor protección de datos de su clase.

Descubra cómo aseguramos el uso generativo de IA
Safely Enable ChatGPT and Generative AI
Soluciones de confianza cero para implementaciones de SSE y SASE

Learn about Zero Trust
Boat driving through open sea
Netskope hace posible un proceso seguro, rápido y con inteligencia cloud para la adopción de los servicios en la nube, las aplicaciones y la infraestructura de nube pública.

Learn about Industry Solutions
Wind turbines along cliffside
  • Nuestros clientes

    Netskope da servicio a más de 2.000 clientes en todo el mundo, entre los que se encuentran más de 25 de las 100 empresas de Fortune

  • Soluciones para clientes

    Le apoyamos en cada paso del camino, garantizando su éxito con Netskope.

  • Formación y certificación

    La formación de Netskope le ayudará a convertirse en un experto en seguridad en la nube.

Ayudamos a nuestros clientes a estar preparados para cualquier situación

Ver nuestros clientes
Woman smiling with glasses looking out window
El talentoso y experimentado equipo de servicios profesionales de Netskope proporciona un enfoque prescriptivo para su exitosa implementación.

Learn about Professional Services
Servicios profesionales de Netskope
Asegure su viaje de transformación digital y aproveche al máximo sus aplicaciones en la nube, web y privadas con la capacitación de Netskope.

Learn about Training and Certifications
Group of young professionals working
  • Recursos

    Obtenga más información sobre cómo Netskope puede ayudarle a proteger su viaje hacia la nube.

  • Blog

    Descubra cómo Netskope permite la transformación de la seguridad y las redes a través del servicio de seguridad (SSE).

  • Eventos & Workshops

    Manténgase a la vanguardia de las últimas tendencias de seguridad y conéctese con sus pares.

  • Seguridad definida

    Todo lo que necesitas saber en nuestra enciclopedia de ciberseguridad.

Podcast Security Visionaries

Episodio de bonificación 2: El cuadrante mágico para SSE y obtener SASE correctamente
Mike y Steve analizan el Gartner® Magic Quadrant™ para Security Service Edge (SSE), el posicionamiento de Netskope y cómo el clima económico actual afectará el viaje de SASE.

Reproducir el pódcast
Episodio de bonificación 2: El cuadrante mágico para SSE y obtener SASE correctamente
Últimos blogs

Cómo Netskope puede habilitar el viaje de Zero Trust y SASE a través de las capacidades del borde del servicio de seguridad (SSE).

Lea el blog
Sunrise and cloudy sky
Gira mundial del día de inmersión en AWS de Netskope 2023

Netskope ha desarrollado una variedad de laboratorios prácticos, talleres, seminarios web detallados y demostraciones para educar y ayudar a los clientes de AWS en el uso y la implementación de los productos de Netskope.

Learn about AWS Immersion Day
Socio de AWS
¿Qué es Security Service Edge (SSE)?

Explore el lado de la seguridad de SASE, el futuro de la red y la protección en la nube.

Learn about Security Service Edge
Four-way roundabout
  • Empresa

    Le ayudamos a mantenerse a la vanguardia de los desafíos de seguridad de la nube, los datos y la red.

  • Por qué Netskope

    La transformación de la nube y el trabajo desde cualquier lugar han cambiado la forma en que debe funcionar la seguridad.

  • Liderazgo

    Nuestro equipo de liderazgo está firmemente comprometido a hacer todo lo necesario para que nuestros clientes tengan éxito.

  • Partners

    Nos asociamos con líderes en seguridad para ayudarlo a asegurar su viaje a la nube.

Netskope posibilita el futuro del trabajo.

Descubra más
Curvy road through wooded area
La más Alta en Ejecución. Más Avanzada en Visión.

Netskope ha sido reconocido como Líder en el Gartner® Magic Quadrant™ de 2023 en SSE.

Obtenga el informe
Netskope ha sido reconocido como Líder en el Gartner® Magic Quadrant™ de 2023 en SSE.
Pensadores, constructores, soñadores, innovadores. Juntos, ofrecemos soluciones de seguridad en la nube de vanguardia para ayudar a nuestros clientes a proteger sus datos y usuarios.

Conozca a nuestro equipo
Group of hikers scaling a snowy mountain
La estrategia de venta centrada en el partner de Netskope permite a nuestros canales maximizar su expansión y rentabilidad y, al mismo tiempo, transformar la seguridad de su empresa.

Learn about Netskope Partners
Group of diverse young professionals smiling

Threat Labs News Roundup: April 2023

May 08 2023

Resumen

The purpose of the Netskope Threat Labs News Roundup series is to provide enterprise security teams an actionable brief on the top cybersecurity news from around the world. The brief includes summaries and links to the top news items spanning cloud-enabled threats, malware, and ransomware.

Top Stories

Microsoft takes down Cobalt Strike servers

Microsoft, Fortra, and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal actions against cracked and legacy Cobalt Strike servers that were being used by attackers to distribute malware and ransomware. Details

Microsoft patches zero-day abused by ransomware

Microsoft’s April 2023 security update patches 97 CVEs, including a zero-day vulnerability that was being actively exploited in ransomware attacks. Details

Critical vulnerability in popular WordPress plugin

A now patched vulnerability was found in the WordPress plugin Elementor, which has over 5 million installations, potentially allowing code execution by unauthenticated attackers through arbitrary file upload. Details

Google Chrome fixes a zero-day vulnerability

Google released an emergency update for Google Chrome to address a zero-day vulnerability that was being exploited since the beginning of 2023, which is being tracked as CVE-2023-2033. Details

Google takes down CryptBot malware infrastructure

Google started to take down the infrastructure of a malware known as CryptBot, which is an info stealer that was being used to infect Google Chrome users to steal sensitive data, including usernames, passwords, and credit card information. Details

Cybersecurity Events in Ukraine

Russian attackers targeting NATO and EU

Russian state-sponsored attackers tracked as APT29 (a.k.a. Cozy Bear) were linked to widespread attacks targeting European Union countries and NATO through spear phishing emails to deploy malware. Details

Russia accuses NATO of cyberattacks since 2022

The Russian Federal Security Service (FSB) has accused NATO countries, including the United States, of launching over 5,000 cyberattacks against Russian’s critical infrastructure since the beginning of 2022. Details

Google warns of Russia-linked attacks targeting Ukraine

Google Threat Analysis Group (TAG) has warned about Russia-linked attackers targeting hundreds of users in Ukraine with phishing campaigns aiming to spread disinformation and gather intelligence. Details

Pro-Russia attackers targeting Canadian gas pipeline

Leaked documents could indicate that a Pro-Russia group known as Zarya has allegedly targeted a Canadian gas pipeline in conjunction with Russia’s Federal Security Service (FSB). Details

Ukrainian citizen arrested for selling data to Russians

A Ukrainian man was arrested by the Ukranian cyber police for selling personal and sensitive data of over 300 million citizens of Ukraine and the European Union to Russians via Telegram. Details 

Russia-linked APT group targeting Ukraine with phishing

The Computer Emergency Response Team of Ukraine (CERT-UA) warned about a Russian-linked group tracked as APT28 targeting the Ukrainian government with spear-phishing attacks. Details

Cloud-enabled Threats

New MacOS malware abusing Telegram

A new MacOS malware named MacStealer was found abusing Telegram to steal sensitive information, including files, cryptocurrency wallets, and account passwords from common browsers like Chrome, Firefox, and Brave. Details

Cryptocurrency malware distributed via NuGet packages

Researchers found a supply-chain attack targeting .NET developers through a cryptocurrency stealer malware distributed via 13 malicious NuGet packages. Details

Flaw in Microsoft Azure could expose storage accounts

A “by-design” flaw was discovered in Microsoft Azure, which could allow attackers to access storage accounts and perform malicious activities, such as lateral movements, data exfiltration and code execution. Details

Attackers abusing Facebook to spread RedLine stealer

A new RedLine Stealer campaign was found using hijacked Facebook business accounts and community pages to deliver RedLine Stealer via sponsored ads that promise free downloads of AI chatbots, like ChatGPT. Details

Attackers shifting from IoT to VPS to conduct DDoS attacks

According to CloudFlare, attackers are shifting from compromised IoT devices to breached cloud Virtual Private Servers to conduct hyper-volumetric DDoS attacks, which can be 5,000x stronger due to higher performance. Details

Attackers abusing YouTube and Telegram to sell malware

A modular malware named Legion, which is capable of SMTP server enumeration, remote code execution, and AWS services abuse, is being sold on Telegram and promoted through YouTube videos. Details

Tech support scams abusing Google Ads and Weebly

Researchers found that attackers are abusing Google Ads to target seniors using tech support scams through fake Weebly websites. Details

New malware abusing Telegram for C2 communication

A new info stealer malware named Zaraza, capable of stealing data from many browsers, is being sold on a Russian Telegram channel, and also abusing the popular messaging platform to conduct C2 communication. Details

YouTube videos abused to spread stealer malware

Researchers found that the Go-based info stealer malware Aurora is being delivered through a highly evasive loader, distributed via links added in the description of YouTube videos and other fake websites. Details

Bug in Google Cloud Platform exposes sensitive data

A security vulnerability in Google’s Cloud Platform (GCP), dubbed as GhostToken, could have allowed attackers to hijack OAuth tokens and access user’s personal data in different Google apps, such as Drive, Photos, and Gmail. Details

Ransomware

Fake ransomware group targeting U.S. organizations

A group known as Midnight is impersonating ransomware groups and using data breaches and allegedly stolen data to threaten U.S. companies. Details

BlackCat ransomware exploiting vulnerabilities in backup software

The BlackCat ransomware group (a.k.a. ALPHV) was found abusing three vulnerabilities in the Veritas Backup software to gain initial access in the targeted network. Details

Medusa ransomware targeting the Open University of Cyprus (OUC)

The ransomware group known as Medusa has claimed a cyberattack on the Open University of Cyprus (OUC), asking the amount of $100,000 as ransom. Details

Nokoyawa ransomware using Windows zero-day

Researchers found that a ransomware known as Nokoyawa was using a zero-day vulnerability on Windows, tracked as CVE-2023-28252, to elevate privileges in the system. Details

New PowerShell tool used by Vice Society ransomware

A new sophisticated PowerShell tool aimed to automate data theft in compromised systems is being used by the Vice Society ransomware group. Details

LockBit ransomware targeting MacOS

A ZIP file was found containing multiple LockBit encryptors that indicates that the attackers are starting to target MacOS systems. Details

New custom tools from Play ransomware

Two new custom tools developed in .NET were found used by the Play ransomware, named Grixba and VSS Copying Tool, which are used for system enumeration and to interact with the Volume Shadow Copy Service (VSS). Details

PaperCut servers abused to deliver ransomware

Microsoft has confirmed that the Lace Tempest group (a.k.a. DEV-0950) exploited PaperCut servers to deliver Cl0p and LockBit ransomware families. Details

author image
Gustavo Palazolo
Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection. He is currently working on the Netskope Research Team, discovering and analyzing new malware threats.