WEEKLY CYBERSECURITY NEWSLETTER NO: 237

#WeeklyCybersecurityTip: Run effective phishing tests regularly for your employees.

Oct 3, 2022 7:45 am

1- Morgan Stanley fined millions for selling off devices full of customer PII

Morgan Stanley, which bills itself in its website title tag as the “global leader in financial services”, and states in the opening sentence of its main page that “clients come first”, has been fined $35,000,000 by the US Securities and Exchange Commission (SEC)… …for selling off old hardware device…

2- URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

Just when you hoped the week would quieten down and yield you some SecOps downtime over the weekend… …and along comes a brand new zero-day hole in Microsoft Exchange! More precisely, two zero-days that can apparently be chained together, with the first bug used remotely to open enough of a hole to t…

3- NetSupport RAT Uses Social Engineering Toolkits to Deploy Malware on Victim’s System

Cyble Research & Intelligence Labs noticed threat actors using Fake Browser Update, SocGholish to deliver the NetSupport RAT. SocGholish is active since 2017. It is a JavaScript malware framework where “Soc” refers to the use of social engineering toolkits masquerading as software updates to deploy …

4- Hackers Targeting Multiple Military & Weapons Contractor Companies Using Powershell Stagers

Securonix Threat Labs has identified a new covert attack campaign targeting Military and Weapons Contractor companies including an F-35 Lightning II fighter aircraft components supplier. This campaign involved the use of PowerShell, secured C2 infrastructure and multiple layers of obfuscation in the…