Featured Story
Mockingjay Slips By EDR Tools With Process Injection Technique
By leveraging misconfigured DLLs instead of EDR-monitored APIs, the new “Mockingjay” technique injects malicious code into running processes while completely evading endpoint detection solutions. This process injection method bypasses traditional security by abusing trusted, but vulnerable, DLLs.
Attackers are shifting to multi-staged attacks that use known-vulnerable DLLs, a tactic known as Bring Your Own Vulnerable Driver (BYOVD). Although these attacks are harder to detect, some EDRs can still flag the DLLs involved. Our SOC team can help identify these risks through targeted threat hunting and behavior analysis.
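Added example, not code from the story or from the Mockingjay researchers: a hunting check that inventories which DLLs carry a PE section marked both writable and executable. It assumes that the DLL "misconfiguration" the story refers to is such an RWX section in the section table; the sample PE bytes are constructed inline (headers only, not a real DLL) so the check runs offline.

```python
"""Inventory PE sections that are both writable and executable (RWX).

Added hunting check, not code from the story or from the Mockingjay
researchers. Assumption: the DLL "misconfiguration" referred to is a
section whose header grants both MEM_WRITE and MEM_EXECUTE, which is
what this scanner flags. Only the standard library is used.
"""
import struct
import sys

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX_MASK = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE

COFF_HEADER = "<HHIIIHH"         # Machine .. SizeOfOptionalHeader, Characteristics (20 bytes)
SECTION_HEADER = "<8sIIIIIIHHI"  # Name .. Characteristics (40 bytes)


def parse_sections(data: bytes) -> list[dict]:
    """Return name and characteristics for every section header in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_offset = pe_offset + 4
    coff = struct.unpack_from(COFF_HEADER, data, coff_offset)
    num_sections, opt_header_size = coff[1], coff[5]
    # The section table follows the COFF header and the optional header.
    table_offset = coff_offset + struct.calcsize(COFF_HEADER) + opt_header_size
    sections = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_HEADER, data, table_offset + 40 * i)
        sections.append({
            "name": fields[0].rstrip(b"\0").decode("ascii", "replace"),
            "characteristics": fields[-1],
        })
    return sections


def find_rwx_sections(data: bytes) -> list[str]:
    """Names of sections whose header grants both write and execute."""
    return [s["name"] for s in parse_sections(data)
            if s["characteristics"] & RWX_MASK == RWX_MASK]


def build_sample_pe(sections: list[tuple[bytes, int]]) -> bytes:
    """Construct a headers-only PE blob (constructed test data, not a real DLL)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_header_size = 0xF0  # PE32+ optional header size; contents zeroed here
    coff = struct.pack(COFF_HEADER, 0x8664, len(sections), 0, 0, 0,
                       opt_header_size, 0x2022)
    table = b"".join(
        struct.pack(SECTION_HEADER, name, 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections)
    )
    return dos_header + b"PE\0\0" + coff + b"\0" * opt_header_size + table


if __name__ == "__main__":
    # Usage: python rwx_scan.py path\to\some.dll ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = find_rwx_sections(fh.read())
        print(f"{path}: " + (", ".join(hits) if hits else "no RWX sections"))
```

Run it over the DLL inventory from your asset or software-management tooling; any module it flags is one whose load into an unexpected process, or whose mapped memory receives writes, deserves a detection rule or a block in your EDR policy, since the RWX section itself is the property the technique depends on.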
Other Stories
Cl0p in Your Network? Here’s How to Find Out
The Cl0p ransomware group has exploited MOVEit vulnerabilities and may have implanted backdoors. Experts suggest that most targeted organizations had chances to catch the attack before encryption was deployed.
Even after patching, it’s essential to hunt for indicators of compromise (IOCs) to ensure no persistence remains. Our SOC can assist in detecting signs of Cl0p group activities in your environment.
Fortinet Patches Critical RCE Vulnerability in FortiNAC
Fortinet has released a fix for CVE-2023-33299, a deserialization vulnerability with a CVSS score of 9.6 that allows unauthenticated remote code execution through crafted requests to TCP/1050. FortiNAC users should patch immediately.
As with all high CVSS vulnerabilities affecting perimeter solutions, rapid patching is critical. If you use FortiNAC, contact us for patch validation or segmentation guidance.
Anatsa Banking Trojan Targeting Android Users Across Europe and the U.S.
ThreatFabric has observed the Anatsa banking trojan targeting mobile banking apps in the U.S., U.K., Germany, Austria, and Switzerland. Distributed via malicious apps on the Google Play Store, it facilitates device-takeover fraud and credential theft.
SOC Analysis:
Google Play malware is a growing concern. We recommend:
- Only using trusted apps from verified developers
- Installing mobile threat defense (MTD) tools
- Regularly reviewing mobile device logs
Chrome 114 Update Patches High-Severity Vulnerabilities
Google’s latest Chrome update resolves four vulnerabilities, including three rated high-severity. External researchers helped uncover the flaws, highlighting the importance of ongoing browser security reviews.
Chrome is widely used across corporate environments. We strongly recommend updating to Chrome 114. Our SOC team can help monitor patch status and enforce browser policy via MDM or GPO.