On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis suggests the activity is likely criminal.

We're excited to announce that Protiviti, a global leader in consulting services and recognized authority in Microsoft compliance and identity, has formed a strategic partnership with BlueVoyant, an industry-leading MXDR Sentinel services provider, that additionally offers an AI-driven cyber defense platform.

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.

In today's digital landscape, stealer logs have become a significant threat, targeting sensitive information and compromising security. At Foresiet Threat Intelligence Team, we continuously monitor and analyze these threats to help protect individuals and organizations. Here are the top 5 stealer logs currently affecting users.

Joint customers utilizing Rubrik for immutable backup are recommended to utilize Rubrik in-place recoveries for impacted Windows VMware Virtual Machines (VMs), standard VM restores for Azure VMs, AWS EC2 instances, and live mounts for Hyper-V and AHV VMs. For VMware VMs this significantly reduces the recovery time by only recovering the changed blocks required to revert the VM to a snapshot before the 04:09 UTC CrowdStrike host update.

New data puts the spotlight on the frequency and impact of modern ransomware attacks, highlighting the overconfidence organizations are showing in their ability to defend and respond to attacks. If you’re like one of the organizations surveyed in Halcyon’s latest Ransomware CISO Survey report, the findings were quite eye opening.

Read also: Global law enforcement op strikes West African cybercrime, the Astrostress operator gets a prison sentence, and more.

The ransomware attack against UnitedHealth Group’s Change Healthcare platform is expected to cost the company up to $2.45 billion, more than a billion dollars more than was previously estimated, Cybersecurity Dive reports. The incident has already cost the firm nearly $2 billion.

The ViperSoftX info-stealing malware has evolved, now utilizing the common language runtime (CLR) to covertly execute PowerShell commands within AutoIt scripts. This sophisticated approach allows ViperSoftX to bypass traditional security measures and remain undetected, posing a significant threat to cybersecurity. Leveraging CLR and AutoIt for Stealth Operations CLR, a core component of Microsoft’s.NET Framework, functions as the execution engine for.NET applications.