Netskope vuelve a ser reconocido como Líder en el Cuadrante™ Mágico de Gartner® para plataformas SASE. Obtener el Informe

cerrar
cerrar
Su red del mañana
Su red del mañana
Planifique su camino hacia una red más rápida, más segura y más resistente diseñada para las aplicaciones y los usuarios a los que da soporte.
          Descubra Netskope
          Ponte manos a la obra con la plataforma Netskope
          Esta es su oportunidad de experimentar de primera mano la Netskope One plataforma de una sola nube. Regístrese para participar en laboratorios prácticos a su propio ritmo, únase a nosotros para una demostración mensual del producto en vivo, realice una prueba de manejo gratuita de Netskope Private Accesso únase a nosotros para talleres en vivo dirigidos por instructores.
            Líder en SSE. Ahora es líder en SASE de un solo proveedor.
            Netskope ha sido reconocido como Líder con mayor visión tanto en plataformas SSE como SASE
            2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
            One unified platform built for your journey
              Protección de la IA generativa para principiantes
              Protección de la IA generativa para principiantes
              Descubra cómo su organización puede equilibrar el potencial innovador de la IA generativa con sólidas prácticas de seguridad de Datos.
                Prevención de pérdida de datos (DLP) moderna para dummies eBook
                Prevención moderna de pérdida de datos (DLP) para Dummies
                Obtenga consejos y trucos para la transición a una DLP entregada en la nube.
                  Libro SD-WAN moderno para principiantes de SASE
                  SD-WAN moderna para maniquíes SASE
                  Deje de ponerse al día con su arquitectura de red
                    Entendiendo dónde está el riesgo
                    Advanced Analytics transforma la forma en que los equipos de operaciones de seguridad aplican los conocimientos basados en datos para implementar una mejor política. Con Advanced Analytics, puede identificar tendencias, concentrarse en las áreas de preocupación y usar los datos para tomar medidas.
                        Los 6 casos de uso más convincentes para el reemplazo completo de VPN heredada
                        Los 6 casos de uso más convincentes para el reemplazo completo de VPN heredada
                        Netskope One Private Access es la única solución que le permite retirar su VPN para siempre.
                          Colgate-Palmolive Salvaguarda su "Propiedad Intelectual" con Protección de Datos Inteligente y Adaptable
                          Colgate-Palmolive Salvaguarda su "Propiedad Intelectual" con Protección de Datos Inteligente y Adaptable
                            Netskope GovCloud
                            Netskope logra la alta autorización FedRAMP
                            Elija Netskope GovCloud para acelerar la transformación de su agencia.
                              Hagamos grandes cosas juntos
                              La estrategia de venta centrada en el partner de Netskope permite a nuestros canales maximizar su expansión y rentabilidad y, al mismo tiempo, transformar la seguridad de su empresa.
                                ""
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) proporciona a los clientes potentes herramientas de integración para aprovechar las inversiones en su postura de seguridad.
                                  Soporte técnico Netskope
                                  Soporte técnico Netskope
                                  Nuestros ingenieros de soporte cualificados ubicados en todo el mundo y con distintos ámbitos de conocimiento sobre seguridad en la nube, redes, virtualización, entrega de contenidos y desarrollo de software, garantizan una asistencia técnica de calidad en todo momento
                                    Vídeo de Netskope
                                    Netskope Training
                                    La formación de Netskope le ayudará a convertirse en un experto en seguridad en la nube. Estamos aquí para ayudarle a proteger su proceso de transformación digital y aprovechar al máximo sus aplicaciones cloud, web y privadas.

                                      Threat Labs News Roundup: March 2023

                                      Apr 10 2023

                                      Summary

                                      The purpose of the Netskope Threat Labs News Roundup series is to provide enterprise security teams an actionable brief on the top cybersecurity news from around the world. The brief includes summaries and links to the top news items spanning cloud-enabled threats, malware, and ransomware.

                                      Top Stories

                                      BlackLotus bootkit targeting Windows 11

                                      Researchers found that an UEFI bootkit known as BlackLotus is able to successfully bypass the UEFI Secure Boot on fully updated Windows 11 systems, being sold on forums for $5,000. Details

                                      CVE-2023-21716 PoC released by security researcher

                                      After the Microsoft Word RCE vulnerability (CVE-2023-21716) was fixed by Microsoft, the security researcher that discovered the vulnerability released a proof-of-concept (PoC) on Twitter. Details

                                      Emotet returns after brief hiatus

                                      After a brief hiatus, a new Emotet campaign was spotted, where attackers behind Emotet have added a technique known as binary padding to bypass detection. Details

                                      Microsoft Outlook Zero-day Exploited by APT28

                                      Microsoft warns about the Microsoft Outlook vulnerability (CVE-2023-23397) being exploited by APT28 (a.k.a. Fancy Bear, Pawn Storm), an APT group linked to Russia’s military intelligence service GRU. Details

                                      Microsoft releases update for Acropalypse

                                      Microsoft released an emergency security update to address a vulnerability known as Acropalypse (CVE-2023-28303), fixing an issue in the Snipping tool of Windows 10 and 11. Details

                                      OpenAI confirms data breach on ChatGPT

                                      OpenAI has confirmed a bug in ChatGPT that resulted in a data breach, where users could see data belonging to other users. Details

                                      Cybersecurity Events in Ukraine

                                      Russia bans foreign messaging apps

                                      The Russian agency Roskomnadzor has warned that the use of foreign messaging applications, such as Discord, WhatsApp, and Teams, is being banned in Russian government and state agencies. Details

                                      Russian disinformation campaign uncovered

                                      Researchers have found a social engineering campaign that involves duping high-profile individuals who support Ukraine into making comments and performing embarrassing acts on videos, and then using those videos in misinformation campaigns. Details

                                      Russian attackers shifting to cyber espionage

                                      The State Service of Special Communication and Information Protection (SSSCIP) of Ukraine says that Russian attackers that failed to achieve their goals in 2022 are shifting from disruptive attacks to cyber espionage. Details

                                      Russia-linked APT group targeting governments

                                      Researchers found that a Russia-linked APT group named Winter Vivern is targeting government entities in Ukraine, Poland, Italy, and India in recent campaigns. Details

                                      Russian spy ring dismantled by Polish counter-intelligence

                                      A Russian spy ring that gathered intelligence on military equipment deliveries to Ukraine and was preparing acts of sabotage on behalf of Russia has been dismantled by Polish counter-intelligence. Details

                                      Ukraine’s critical sectors attacked by new APT

                                      Researchers found that a new APT group named Bad Magic has been targeting Ukraine’s government, agriculture, and transportation organizations located in Crimea, Lugansk, and Donetsk. Details

                                      Russia worldwide cyberwar plans exposed

                                      A Russian contractor leaked thousands of confidential documents that expose Russia military and intelligence agencies’ plans for using their tools in cyber attacks to conduct critical infrastructure disruptions, disinformation campaigns, and more. Details

                                      Cloud-enabled Threats

                                      RedLine Stealer abusing dropbox to target hospitality industry

                                      Researchers found a RedLine Stealer campaign targeting the hospitality industry, where attackers use spear phishing emails to lure victims into downloading the malware from Dropbox. Details

                                      PyPI malware abusing Discord and Transfer.sh

                                      A malicious package hosted in Python Package Index (PyPI) was found delivering an information stealer and remote access trojan, abusing Discord to fetch the payload and transfer.sh for data exfiltration. Details

                                      Attackers abusing AWS to steal confidential data

                                      A new campaign dubbed as SCARLETEEL was discovered, where attackers are exploiting vulnerable public web applications hosted on AWS to steal proprietary software and credentials. Details

                                      Abusing Google Cloud Platform for data exfiltration

                                      Researchers have found that an attacker could exploit Google Cloud Platform (GCP) to exfiltrate sensitive data due to lack of visibility in Google storage logs. Details

                                      Rhadamanthys and RedLine stealers delivered through Google Ads

                                      New campaigns that are abusing Google Ads to deliver Rhadamanthys and RedLine infostealers were found, using a technique to mimic websites associated with Notepad++ and Blender 3D software. Details

                                      BATLOADER abusing Google Ads to deliver multiple malware

                                      BATLOADER has been observed abusing Google Ads to deliver Vidar Stealer and Ursnif payloads, spoofing multiple legitimate apps such as Adobe, ChatGPT, Spotify, Tableau, and Zoom. Details

                                      YouTube abused to spread multiple malware

                                      Researchers found that attackers are using AI-generated YouTube videos containing fake tutorials to spread multiple stealers, such as Raccoon, RedLine, and Vidar. Details

                                      Adobe Acrobat Sign abused to deliver RedLine

                                      A new campaign was found where attackers are abusing Adobe’s online document signing service to spread RedLine stealer. Details

                                      Ransomware

                                      FBI and CISA warns about Royal ransomware

                                      The FBI and CISA have released a joint advisory about the increase of Royal ransomware attacks targeting critical U.S. infrastructure sectors, including healthcare, education and communication. Details

                                      Play ransomware claims attack on City of Oakland

                                      The Play ransomware group has claimed responsibility for the attack on the City of Oakland that disrupted IT systems in February 2023. Details

                                      LockBit demanding $2 million as ransom

                                      The LockBit ransomware group is demanding $2 million as ransom in return for the Pierce Transit stolen data, which was breached in February 2023. Details

                                      Members of DoppelPaymer ransomware arrested

                                      Germany and Ukraine authorities have arrested suspected core members of the DoppelPaymer ransomware group. Details

                                      IceFire ransomware now targeting Linux

                                      A new version of the recently discovered IceFire ransomware was discovered by researchers, able to encrypt files in Linux-based systems. Details 

                                      Clop ransomware extorting GoAnywhere zero-day victims

                                      The Clop ransomware group is extorting victims of the zero-day vulnerability in GoAnywhere file sharing software, where they claim to have stolen data from 130 companies. Details

                                      Microsoft fixes zero-day used in Magniber ransomware attacks

                                      The vulnerability tracked as CVE-2023-24880 that was being used by attackers to deploy Magniber ransomware payloads is now fixed by Microsoft. Details

                                      BrianLian ransomware moving away from encryption

                                      The BrianLian ransomware group is updating its operation by moving away from encryption and focusing on pure data-theft and extortion tactics. Details

                                      Clop ransomware claims responsibility for attack on City of Toronto

                                      The Clop RaaS group is claiming responsibility for a ransomware attack on the City of Toronto, where they used the GoAnywhere zero-day vulnerability. Details

                                      author image
                                      Gustavo Palazolo
                                      Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection.
                                      Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection.

                                      ¡Mantente informado!

                                      Suscríbase para recibir lo último del blog de Netskope