The Threat Show

The Threat Show Ep. 31 w/ Corey White

This week, we're joined by Corey White, Founder, CEO, and Chief Experience Officer at Cyvatar, an innovative cybersecurity company offering subscription-based solutions to a multitude of problems. Corey has an impressive list of experiences from his 28 years in cybersecurity, from serving as the Senior Vice President of Worldwide Consulting and Chief Experience Officer at Cylance to SVP of Consulting at Cylance.

Corey brings eye-opening facts about the increasing amount of cyberattacks that highlight the importance of continuous remediation for small/medium-sized businesses, and the need for the cybersecurity industry to mature and catch up with the bad actors.

We also cover six trending threats SMBs should know about.

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services    (04:18)

A new vulnerability has been discovered in the widely used OAuth web-service authentication framework, specifically in the expo-auth-session library. Attackers can send unsuspecting victims a malicious link; if a victim opens it, the victim's credentials are sent back to the attacker, leading to potential risks including full account takeover, identity theft, and unauthorized access to credit cards.

Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks    (07:09)

The notorious cybercrime group FIN7 is leveraging a variant of the Cl0p ransomware family. No new vulnerability has been specifically attributed to this campaign, so it is likely paired with an existing one.

BlackCat Ransomware Deploys New Signed Kernel Driver    (08:36)

The BlackCat ransomware group now has access to valid code-signing certificates, allowing it to sign its own malware. The operating system implicitly trusts signed drivers, which lets the malicious driver load and move freely, making it easy to compromise the system.

New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East    (11:07)

An unknown threat actor, tentatively linked to Iranian threat groups, has been deploying a malicious Windows kernel driver called WINTAPIX in a campaign primarily targeting the Middle East since May 2020. The driver subverts or disables security mechanisms and gains entrenched access to the targeted host, enabling the attacker to infiltrate the system more deeply, maintain persistence, and execute additional payloads or commands.

MalasLocker Ransomware Targets Zimbra Servers, Demands Charity Donation    (12:37)

The new MalasLocker ransomware operation has been targeting Zimbra servers since March 2023, stealing emails and encrypting files. Rather than asking for a ransom, the attackers demand a donation to charity to decrypt the files and prevent data leaks.

Chinese State Hacker 'Volt Typhoon' Targets Guam and US    (15:51)

Volt Typhoon, a Chinese state-sponsored actor, has been targeting critical infrastructure in Guam and the United States since mid-2021, likely for cyberespionage and to maintain long-term access. It targets sectors including communications, information technology, and government agencies, gaining initial access through internet-facing Fortinet FortiGuard devices and extracting the credentials of an Active Directory account used by the device. Once inside a network, the actor proxies its internet traffic through compromised small-office or home-office routers, making detection more difficult.

Interview with Corey White    (19:03)

Corey shares eye-opening facts about the increasing amount of cyberattacks that highlight the importance of continuous remediation for small/medium-sized businesses, and the need for the cybersecurity industry to mature and catch up with the bad actors.