Featured Story
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
Threat actors behind the BlackCat ransomware are using malvertising tactics to distribute fake WinSCP installers. By cloning legitimate websites, they trick users into downloading malware-laced tools.
Approach Cyber observed similar attacks in recent weeks targeting tools such as VLC, Notepad++, VirtualBox, WinRAR, and 7-Zip.
Malvertising is a persistent threat that relies on SEO poisoning and cloned pages. Always download software from verified sources, and validate the domain carefully before clicking. Our SOC can assist with endpoint protection strategies and secure browsing policies.
Other Stories
WordPress Sites Using Ultimate Member Plugin Are Under Attack
CVE-2023-3460 (CVSS 9.8) is being exploited to create hidden admin accounts on WordPress sites using the Ultimate Member plugin. This widely used plugin had not yet been patched at the time of reporting.
We strongly advise disabling the plugin until it is patched. Review and remove any suspicious admin accounts. Our SOC offers WordPress security audits and incident response support for compromised CMS platforms.
Over Two-Thirds of FortiGate Firewalls Still at Risk
Researchers report that 69% of vulnerable FortiGate firewalls remain unpatched against CVE-2023-27997, a critical heap overflow RCE flaw. The vulnerability was disclosed and patched in mid-June, but exploit code is now public.
Unpatched perimeter firewalls represent a major exposure. We advise all customers using Fortinet appliances to verify firmware versions and apply the latest patches. Our SOC can assist with validation and scanning.
Microsoft Teams Exploit Tool Auto-Delivers Malware
TeamsPhisher is a new tool that allows external tenants to send malware-laced files to internal users via Microsoft Teams. The tool automates file delivery and exploits misconfigurations in Teams tenant settings.
Review your Teams tenant configuration to block unknown external communications. Only allow trusted tenants, and raise awareness of file-sharing threats. Contact our SOC for Teams security assessments or policy reviews.
Applying for a Premium Through Engie? Beware!
Fake emails claiming to come from Engie are circulating, promising a premium in exchange for sensitive data. The link does not lead to an official Engie website and is designed to steal personal or banking details.
Always hover over suspicious links before clicking. Forward suspicious emails to:
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Our SOC is also available to support phishing analysis and user awareness programs.