Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the info stealer Vidar malware. First, let’s examine the email delivery mechanism, then go on to take a closer look at the Vidar malware itself. Figure 1: The malicious spam message The messages in this campaign have two things in common.

Read also: Italy’s state railway operator halts ticket sales due to a suspected cyberattack, malicious npm packages target Azure developers, and more.

When it comes time for an employee to leave your organization, you want it to be on friendly terms. But there are definitely limits to how friendly you want folks to be after they leave. Especially when it comes to accessing materials from their old position for their new endeavors. In a recent bizarre case, it was reported that a former acting Department of Homeland Security Inspector General has pleaded guilty to stealing government software and data for use in his own product.

Trading on the stock market has only grown more complex in the past few decades. Thanks to high frequency trading (HFT) and the rise of Big Data in financial markets, it’s impossible for an individual investor, trader or stock analyst to make the right investment decisions quickly enough to react to an increasingly complex market. With traders needing to make investment decisions on-the-spot in seconds, not minutes, it’s unsurprising that they have turned to rule-based automation and AI.

Every organization has tons of sensitive information stored in the cloud. The unanticipated surge in remote work resulted in an increase in the amount of information stored in the cloud. According to TechJury, 67% of enterprise infrastructure is cloud-based. However, with organizations allowing employees to use both business and personal devices at work, the attack surface has expanded, increasing opportunities for threat actors to target vulnerable devices.

There’s no question that centralized identity and access management (IAM) helps companies reduce risk and prevent attacks. But, as this week’s Okta attack shows, centralized IAM doesn’t eliminate all risks. Attackers with access to IAM data can use this information to easily access downstream systems or modify permissions to grant elevated access to malicious parties.

AvosLocker is a ransomware-as-a-service (RaaS) gang that first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. In March 2022, the FBI and US Treasury Department issued a warning about the attacks.

As developers, we need maximum visibility of what’s actually running in our cloud environments, in order to keep them secure. Infrastructure as code (IaC) helps developers automate their cloud infrastructures, so what’s deployed to the cloud is under control and can easily be audited. But achieving and maintaining 100% IaC coverage of your infrastructure has many challenges.