SSL.com and Entrust Form Strategic Partnership
SSL.com is proud to announce a strategic partnership with Entrust, where SSL.com will support Entrust’s public TLS certificate lifecycle, ensuring seamless, secure, and robust certificate services. Entrust customers will experience a smooth transition with no service interruptions, continuing to manage their accounts through the existing Entrust portal. To maintain trust and security, customers are encouraged to renew their certificates before October 31, 2024, using Entrust’s lifecycle solutions or automation tools. SSL.com will integrate multiple paths with Entrust, including serving as an external Registration Authority (RA) for Identity Validation, aligning with SSL.com’s policies and practices. This partnership underscores SSL.com’s commitment to excellence in digital identity and trust services, ensuring uninterrupted service and security for all customers.
For full information on the new partnership between SSL.com and Entrust, head over to our dedicated article.
PEAKLIGHT Malware Targets Windows Users
Mandiant researchers have described a new malware dropper named PEAKLIGHT, an obfuscated PowerShell downloader that runs only in memory and reaches Windows users through fake pirated-movie downloads. The chain starts with a Windows shortcut (.lnk) file that launches PowerShell to fetch the dropper, which in turn pulls down payloads such as Lumma Stealer and Hijack Loader. The campaign is a reminder of the risk in downloading content from unofficial sources and of how quickly criminal tooling evolves.
Network defences should be able to inspect TLS traffic for the downloader's payload retrieval without breaking legitimate use; in practice that means TLS inspection at the proxy or egress point, with the decryption scoped and logged. On the endpoint, turn on PowerShell script block and module logging, alert on script-block content typical of memory-only loaders (Base64 decoding chained with a web download and Invoke-Expression), and use application control such as AppLocker or WDAC so that unapproved binaries and scripts cannot run. These controls do not guarantee that the downloader never executes, but they make the shortcut-to-PowerShell stage visible and the later payload stage blockable. Restricting removable media and limiting user machines to an allow-list of approved programs further cuts the chance that content from an unofficial source reaches execution.
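The PowerShell logging and hunting step above, as an added example that is not part of the Mandiant report or of SSL.com's own guidance. It enables Script Block Logging and Module Logging through the policy registry keys, then searches Event ID 4104 for script blocks that combine several behaviours typical of in-memory downloaders. The indicator patterns and the thresholds are my assumptions for illustration, not published signatures; run it as Administrator.

```powershell
# Added example (not from the Mandiant report or SSL.com): enable PowerShell
# Script Block Logging and Module Logging, then hunt Event ID 4104 for script
# blocks that chain behaviours typical of memory-only downloaders.
# The pattern list is illustrative (an assumption), not a vendor signature.

$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

$mod = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
New-Item -Path "$mod\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path $mod -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path "$mod\ModuleNames" -Name '*' -Value '*'

# Behaviours that in-memory droppers commonly chain together. A single hit is
# normal for admin scripts; several in one block is a lead worth reviewing.
$patterns = @(
    'FromBase64String',
    'DownloadString|DownloadData|Invoke-WebRequest|Net\.WebClient',
    'IEX|Invoke-Expression',
    'WindowStyle\s+Hidden|-w\s+hidden',
    'EncodedCommand|-enc\b',
    'Add-MpPreference\s+-ExclusionPath'
)

function Find-SuspiciousScriptBlocks {
    param([int]$Hours = 24, [int]$MinHits = 2)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Properties[2] of a 4104 event holds the logged script block text.
        $text = [string]$_.Properties[2].Value
        $hits = @($patterns | Where-Object { $text -match $_ })
        if ($hits.Count -ge $MinHits) {
            $preview = $text -replace '\s+', ' '
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Hits    = ($hits -join '; ')
                Preview = $preview.Substring(0, [Math]::Min(160, $preview.Length))
            }
        }
    }
}

# Look back three days; widen the window or lower -MinHits during an incident.
Find-SuspiciousScriptBlocks -Hours 72 | Format-Table -AutoSize -Wrap
```

The registry keys take effect for new PowerShell sessions; existing ones keep their old policy. Windows also writes some 4104 events on its own for blocks it considers suspicious, so the hunt is useful even on hosts where the policy was not yet set.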
Black Basta-Linked Campaign Deploys SystemBC Malware via Social Engineering
Rapid7 has uncovered a social engineering campaign it links to the Black Basta ransomware group. The attackers pose as IT support over phone calls and Microsoft Teams messages and talk users into installing AnyDesk, which is then used to deliver SystemBC, a proxy and loader malware. The aim is credential theft and data exfiltration, and the campaign shows how effective phishing remains when it moves from e-mail to voice and chat.
To counter this kind of social engineering, start where the attack actually lands: restrict who can message your users over Microsoft Teams from outside the tenant, and give staff a simple way to verify that a caller really is from IT before they install anything. On the endpoint, use application control to block remote-access tools that IT has not deployed, and alert on new installations or services for products such as AnyDesk. Watch outbound traffic for connections owned by unexpected processes; a proxy like SystemBC shows up as long-lived sessions from a binary outside the usual program directories. Keep e-mail filtering and attachment scanning in place for the variants that do arrive by mail. Digitally signing internal IT notices with S/MIME certificates, which SSL.com issues, gives recipients a way to check that a message claiming to come from IT actually does, and encryption keeps its contents private in transit; neither replaces the verification step for a phone or Teams approach.
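The endpoint checks above, as an added example that is not part of the Rapid7 report or of SSL.com's guidance. It inventories installed software, services and processes for remote-access tools, then maps established outbound TCP connections to the binaries that own them so that an AnyDesk session or a proxy process running from a user profile stands out. The tool list and the "trusted path" rule are my assumptions; adjust both to what IT actually deploys. Run it as Administrator on the endpoint.

```powershell
# Added example (not from the Rapid7 report or SSL.com): find remote-access
# tools that IT did not deploy and attribute live outbound connections to
# their owning process. The product list below is an assumption.

$unapprovedRat = @('AnyDesk', 'TeamViewer', 'ScreenConnect', 'Splashtop', 'Atera', 'RustDesk')

function Get-UnapprovedRemoteTools {
    # Installed software from both registry views and the user hive, plus
    # running services and processes, matched against the product list.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { [pscustomobject]@{ Source = 'Installed'; Name = $_.DisplayName; Path = $_.InstallLocation } }
    $services = Get-CimInstance Win32_Service |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Path = $_.PathName } }
    $procs = Get-Process |
        ForEach-Object { [pscustomobject]@{ Source = 'Process'; Name = $_.ProcessName; Path = $_.Path } }
    $all = @($installed) + @($services) + @($procs)
    foreach ($tool in $unapprovedRat) {
        $all | Where-Object { $_.Name -like "*$tool*" -or $_.Path -like "*$tool*" }
    }
}

function Get-OutboundConnectionsByProcess {
    # Established TCP connections to non-private addresses, joined to the
    # owning image. AnyDesk's per-user install and SystemBC both typically run
    # from outside Program Files, so an untrusted path is the first thing to flag.
    $trusted = '^C:\\(Windows|Program Files|Program Files \(x86\))\\'
    $private = '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|::1$|fe80:)'
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notmatch $private } |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Remote = "$($_.RemoteAddress):$($_.RemotePort)"
                Pid    = $_.OwningProcess
                Image  = $p.Path
                Flag   = if ($p.Path -and $p.Path -notmatch $trusted) { 'UNTRUSTED PATH' } else { '' }
            }
        } | Sort-Object Flag -Descending
}

Get-UnapprovedRemoteTools        | Format-Table -AutoSize
Get-OutboundConnectionsByProcess | Format-Table -AutoSize
```

Processes without a readable image path (protected system processes) show an empty Image column rather than a flag; treat those separately rather than ignoring them.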
BlackByte Ransomware Exploits ESXi Vulnerability to Target Virtual Assets
BlackByte ransomware operators have begun exploiting a recent VMware ESXi authentication bypass, CVE-2024-37085, to take over the virtualisation layer of enterprise networks. This is a change from the group's established pattern of exploiting public-facing vulnerabilities. The flaw lies in how a domain-joined ESXi host handles Active Directory: by default it grants full administrative access to every member of a domain group named "ESX Admins", without checking that the group was created deliberately. An attacker who already holds enough AD rights to create or rename such a group, or to add members to it, can therefore obtain full control of every host that trusts the domain, and with it the ability to encrypt or destroy the virtual machines running there.
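Checking and closing the ESXi setting behind CVE-2024-37085, as an added example that is not part of the BlackByte reporting or of SSL.com's guidance. It uses VMware PowerCLI to report, per host, whether the automatic "ESX Admins" grant is still enabled and which group name the host honours, disables the grant, and queries Active Directory for the group itself. It assumes the VMware.PowerCLI and ActiveDirectory modules are installed, that the session can reach vCenter, and that the vCenter name is a placeholder to replace.

```powershell
# Added example (not from the BlackByte reporting or SSL.com): audit and harden
# the ESXi advanced setting that CVE-2024-37085 abuses, and look for the
# "ESX Admins" group in Active Directory. Module names are real; the vCenter
# address is a placeholder.

Import-Module VMware.PowerCLI -ErrorAction Stop
Import-Module ActiveDirectory -ErrorAction Stop

$vc = 'vcenter.example.internal'   # placeholder (assumption)
Connect-VIServer -Server $vc | Out-Null

$autoAdd = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd'
$groupNm = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'

function Get-EsxAdminsExposure {
    # One row per host: build, whether the automatic admin grant is on, and
    # which AD group name it applies to.
    foreach ($h in Get-VMHost) {
        $a = Get-AdvancedSetting -Entity $h -Name $autoAdd
        $g = Get-AdvancedSetting -Entity $h -Name $groupNm
        [pscustomobject]@{
            Host       = $h.Name
            Version    = $h.Version
            Build      = $h.Build
            AutoAdd    = $a.Value
            AdminGroup = $g.Value
            Exposed    = ($a.Value -eq $true)
        }
    }
}

function Disable-EsxAdminsAutoAdd {
    # Turning the flag off stops the host from granting admin to members of the
    # configured group. Patching to a fixed build is still required; this
    # setting is the mitigation for hosts you cannot update immediately.
    foreach ($h in Get-VMHost) {
        Get-AdvancedSetting -Entity $h -Name $autoAdd |
            Set-AdvancedSetting -Value $false -Confirm:$false | Out-Null
    }
}

function Get-EsxAdminsGroupInAD {
    # The bypass relies on a group with this exact name existing. Report its
    # creation time and members; a freshly created group is a strong signal.
    $grp = Get-ADGroup -Filter 'Name -eq "ESX Admins"' -Properties whenCreated
    if (-not $grp) { return 'No group named "ESX Admins" exists in this domain.' }
    [pscustomobject]@{
        Group   = $grp.DistinguishedName
        Created = $grp.whenCreated
        Members = (Get-ADGroupMember $grp | Select-Object -ExpandProperty SamAccountName) -join ', '
    }
}

Get-EsxAdminsExposure | Format-Table -AutoSize
Get-EsxAdminsGroupInAD
# Uncomment once the report above has been reviewed:
# Disable-EsxAdminsAutoAdd
Disconnect-VIServer -Server $vc -Confirm:$false
```

Pair the host-side change with an AD control: restrict who may create groups in the domain and alert on group-creation and membership-change events for any group whose name matches "ESX Admins".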
New Stealth Techniques Target Asian Military and Government Organizations
Researchers at NTT have uncovered a sophisticated hacking campaign targeting high-level organizations in Southeast Asia. The attackers, possibly linked to China's APT41, are using two rarely seen stealth techniques: "GrimResource", which achieves code execution through Microsoft Management Console (mmc.exe) by way of a crafted .msc console file, and "AppDomainManager Injection", which abuses a .NET configuration setting so that a legitimate, signed executable loads an attacker-supplied DLL at startup. These methods have been used to infect Taiwanese government agencies, the Philippine military and Vietnamese energy organizations with Cobalt Strike beacons.
Defending against GrimResource and AppDomainManager Injection starts with the artefacts they need. An .msc file arriving in a user's Downloads folder or mailbox has no legitimate reason to exist; block or quarantine the file type at the mail gateway and alert when mmc.exe opens a console from a user-writable path. AppDomainManager Injection needs a .exe.config (or environment variable) that names a foreign assembly beside a trusted executable, so endpoint tooling should flag configuration files that set appDomainManagerAssembly and DLLs loaded by a signed .NET host from the same untrusted directory. Network monitoring can then catch the follow-on activity: unexpected downloads and beaconing from processes that should not talk to the internet. Application control that confines execution to approved paths removes most of the attack surface, because both techniques depend on running attacker-controlled files from locations the user can write to. Strong e-mail filtering and user education on phishing reduce the chance that the initial archive is opened at all. SSL.com's S/MIME certificates add a further check: signed and encrypted mail lets recipients confirm that a message really came from the stated sender before they open any attachment it carries.
Secure Emails, Block Phishing Threats
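A hunt for the artefacts named above, as an added example that is not part of the NTT research or of SSL.com's guidance. It searches user-writable locations for recent .msc files and inspects them for the apds.dll and script references that GrimResource depends on, finds .exe.config files that redirect the CLR's AppDomainManager and reports whether the host executable beside them is signed, and checks the environment-variable route for the same redirection. The search roots and the indicator regexes are my assumptions, not published signatures.

```powershell
# Added example (not from the NTT research or SSL.com): hunt an endpoint for
# GrimResource .msc files and AppDomainManager injection configs. Search
# roots, look-back window and indicator patterns are assumptions.

$roots = @("$env:USERPROFILE", "$env:TEMP", "$env:ProgramData")
$days  = 30

function Find-SuspiciousMscFiles {
    # Legitimate consoles live under %SystemRoot%\System32; any recent .msc in
    # a user path deserves a read. GrimResource consoles carry a StringTable
    # entry that points mmc.exe at apds.dll to run script.
    Get-ChildItem -Path $roots -Recurse -Include *.msc -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$days) } |
        ForEach-Object {
            $raw = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue
            [pscustomobject]@{
                File     = $_.FullName
                Modified = $_.LastWriteTime
                ApdsRef  = [bool]($raw -match 'apds\.dll')
                Script   = [bool]($raw -match 'javascript:|vbscript:|<script')
                Remote   = [bool]($raw -match 'https?://')
            }
        }
}

function Find-AppDomainManagerConfigs {
    # A .NET host reads <exe name>.config beside itself. The two elements below
    # redirect AppDomain creation to a foreign assembly; a signed host next to
    # such a config is exactly the pattern described in the article.
    Get-ChildItem -Path $roots -Recurse -Include *.exe.config -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $raw = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue
            if ($raw -match 'appDomainManagerAssembly|appDomainManagerType') {
                $exe = $_.FullName -replace '\.config$', ''
                $asm = if ($raw -match '<appDomainManagerAssembly\s+value="([^"]+)"') { $Matches[1] } else { '' }
                [pscustomobject]@{
                    Config     = $_.FullName
                    HostExe    = $exe
                    HostSigned = if (Test-Path $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'missing' }
                    Assembly   = $asm
                }
            }
        }
}

function Get-AppDomainManagerEnvVars {
    # The same redirection can be set per process through environment
    # variables; check the machine, user and current-process scopes.
    $names = 'APPDOMAIN_MANAGER_ASM', 'APPDOMAIN_MANAGER_TYPE'
    foreach ($n in $names) {
        foreach ($scope in 'Machine', 'User', 'Process') {
            $v = [Environment]::GetEnvironmentVariable($n, $scope)
            if ($v) { [pscustomobject]@{ Scope = $scope; Name = $n; Value = $v } }
        }
    }
}

Find-SuspiciousMscFiles      | Format-Table -AutoSize
Find-AppDomainManagerConfigs | Format-Table -AutoSize
Get-AppDomainManagerEnvVars  | Format-Table -AutoSize
```

A hit in Find-AppDomainManagerConfigs where HostSigned is Valid is the case to escalate first: the executable is trustworthy, the configuration beside it is not.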