Threat actors often use popular news headlines to entice people to click on malicious links in email messages, and the recent Colonial Pipeline hack is the perfect opportunity for criminals. Threat researchers are seeing malicious emails that discuss the attack and ask victims to download a “ransomware system update” in order to protect their organization. The emails contain links to websites with convincing names. The threat actors behind the attacks created fake websites that use logos from the target companies to further convince victims that everything is legitimate. Threat researchers stated that the attackers were able to get past many phishing detection systems by using new domains. This same technique will likely be used in conjunction with the recent JBS attack as well.
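A triage heuristic for the evasion described above (links on new domains getting past phishing checks), as an added example that is not from the original article: it flags a message only when lure wording and a link to a new or never-seen domain occur together. The first-seen table, the 30-day cut-off, the term list and the sample message are constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from urllib.parse import urlsplit

# Constructed first-seen dates. Assumption: a real deployment fills this
# table from WHOIS/RDAP or passive-DNS data.
FIRST_SEEN = {"pipeline-update.example": date(2021, 6, 1),
              "vendor.example": date(2015, 3, 9)}
LURE_TERMS = ("ransomware system update", "colonial pipeline")
MAX_AGE_DAYS = 30  # assumed cut-off for a "new" domain
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def domain_age_days(host, today):
    """Age of the closest parent domain with history, or None if there is none."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never look up the bare TLD
        seen = FIRST_SEEN.get(".".join(labels[i:]))
        if seen:
            return (today - seen).days
    return None

def triage(raw, today):
    """Flag a message only when lure wording and a new link domain coincide."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n"
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    lures = [t for t in LURE_TERMS if t in text.lower()]
    young = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if not host:
            continue
        age = domain_age_days(host, today)
        if age is None or age <= MAX_AGE_DAYS:  # no history counts as new
            young.add(host)
    return {"lures": lures, "young_domains": sorted(young),
            "flag": bool(lures and young)}

# Constructed sample message modelled on the lure described above.
LURE_MSG = ("From: helpdesk@pipeline-update.example\n"
            "Subject: Action required after Colonial Pipeline attack\n\n"
            "Install the ransomware system update: "
            "https://login.pipeline-update.example/get\n")
if __name__ == "__main__":
    print(triage(LURE_MSG, date(2021, 6, 10)))
```

Requiring both signals keeps a legitimate newsletter that merely mentions the headline from being flagged, while a domain with no history at all is treated as new rather than trusted.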