XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure

Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections. [TechWeb]( Follow Dark Reading: [RSS]( August 14, 2023 LATEST SECURITY NEWS & COMMENTARY [XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure]( Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections. [Security Pressures Mount Around AI's Promises & Peril]( Both threats to enterprises and career opportunities are being created by the escalation of generative AI and ChatGPT, warns Maria 'Azeria' Markstedter. [As Phishing Gets Even Sneakier, Browser Security Needs to Step Up]( Perception Point's Din Serussi says browser extensions can help mitigate more sophisticated phishing techniques. [Threat Intelligence Efforts, Investment Lagging, Says Opswat]( In an annual survey, 62% of respondents admited their threat intel efforts need stepping up. [Rhysida Ransomware Trains Its Sights on Healthcare Operations]( The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US. [What CISA and NSA Guidance Means for Critical Infrastructure Security]( Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats. [Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says]( Wi-Fi settings are easily stolen when old gadgets are gotten rid of, which puts end users in the crosshairs for network attacks. [Major Police Breach Endangers Safety of Officers & Civilians]( A mistake snowballs into a serious political issue as the safety of police officers in Northern Ireland is compromised in an accidental data leak. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [EvilProxy Cyberattack Flood Targets Execs via Microsoft 365]( A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations [CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain]( Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign. [Cybersecurity: It's Time to Trust the Machines]( When it comes to cybersecurity automation, the pluses outweigh the minuses. [Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges]( Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems. [MORE]( EDITORS' CHOICE [Dell Credentials Bug Opens VMware Environments to Takeover]( Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs. LATEST FROM THE EDGE [What's in New York's 'First-Ever' Cyber Strategy?]( Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort. LATEST FROM DR TECHNOLOGY [New LLM Tool Seeks and Remediates Vulnerabilities]( Vicarius launches vuln_GPT, which it says will generate and execute scripts to ameliorate flaws such as the TETRA backdoor. LATEST FROM DR GLOBAL [Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications]( Further TETRA-related vulnerabilities have been disclosed in base stations that run and decrypt the worldwide communications protocol for industrial systems. WEBINARS - [Protecting the Database: How to Secure Your Enterprise Data]( For many enterprises, the "crown jewels" are found in their database applications - virtual "crown jewels" of data in traditional database applications that are often linked to the Internet. What are the chief threats to today's databases? How can you ... - [Where and When Automation Makes Sense For Enterprise Cybersecurity]( A shortage of skilled IT security professionals has made it tempting to try to automate everything. But security teams have to be able to determine which tasks are safe to automate. How does emerging automation technology work, and how can ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [DARPA Taps RTX to Attune AI Decisions to Human Values]( [Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House's Cyber Initiatives]( [SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks]( [Osano Secures $25M Series B to Advance Data Privacy Platform]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Secrets of Successful SecOps Data Analytics]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=117699&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.14.23&sp_cid=49470&utm_content=DR_NL_Dark%20Reading%20Daily_08.14.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#02 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)