Black Bear MSSP, LLC

12/06/2022

Are your employees Christmas shopping at their desk? They could be putting your business at risk from social media shopping scams. You need to know about this

Online shopping scams hit nearly half of social media users

12/06/2022

An upcoming Outlook update will allow you to add Focus Time to your calendar which pauses notifications from both Outlook and Teams. Are these your biggest distractions? http://ow.ly/POHc30sssET

12/06/2022

I often write about the complexity of threat actors and why it is imperative that we remain in a constant state of vigil. A recently detected vulnerability uses techniques never seen before. A threat actor known as "Cranefly" has found a way to leverage the intrinsic IIS (Microsoft's legitimate "Internet Information Services" built into most Microsoft servers) log reading and writing capabilities to compromise Microsoft servers.

The threat actors use an undocumented Trojan.Geppei to install another new trojan, Trojan.Danfuan, as well as the commonly known Hacktool:Regeorg. What's alarming is Trojan:Geppei's ability to read from and write to IIS logs. Data from the logs can be read and sent to the threat actors, while data sent back to the server from the threat actors can be written to the IIS logs, and then malicious commands can be executed on the compromised systems from those innocuous-looking log entries.

This is a zero day attack, meaning there is no known solution, and a perfect example of why you not only need up-to-date security and patch policies but why you need a security company who is aware of all emerging threats. HASH's are available for these malicious files, so even though your up-to-date antivirus software may not detect the threat, Black Bear MSSP has already written a security component for our managed security clients that scans for, and alerts to, these threats.

Group uses novel method of reading commands from legitimate IIS logs.

12/05/2022

Do you remember the glowing logo on your MacBook? It’s been gone since 2015, but it might be making a comeback on future models http://ow.ly/5NeB30sssES

12/04/2022

Is your network monitored over the weekend and during the holidays? Cyber attacks at these times are more frequent, more damaging and far more expensive. We can help http://ow.ly/Srh030ssEwh

12/03/2022

A new Microsoft 365 app is set to replace the existing Office app. The web app is rolling out now, and the mobile and Windows versions will follow in January. Ask us if it affects you http://ow.ly/TZ2130ssEwg

12/02/2022

Behold the future! By the year 3000 humans may have smaller brains, hunched backs, claw-like hands, and second eyelids. You can thank your phone and your laptop http://ow.ly/bJAH30ssEwf

12/02/2022

We often get asked whether or not antivirus is required for smartphones and mobile devices, and the answer is, unequivocal, YES. Additionally, you should utilize a reputable VPN service for those same devices.

People also assume that all apps from the Apple Store or the Google Play Store are intrinsically safe. Unfortunately, that is not the reality!

In a recent attack predominantly detected in India, sensitive user data was harvested and stolen by a malicious app, previously available in the Google Play Store, posing as a reputable app designed for digital lending.

Hackers and threat actors are evolving rapidly, as are their tactics, budgets and resources. Protecting ALL of your devices with encryption, both in transit and at rest, and reputable security software is imperative. It is also essential to always have a defensive mindset regarding your sensitive personal and financial data. Don't ever share your sensitive data with any app or vendor you are not 100% sure is authentic and secure. And even then, you must do your due diligence to ensure that your data is transmitted securely and that your mobile device is not compromised. We are at war, and the end user is constantly under attack.

At Black Bear MSSP, our Cybersecurity solutions include mobile device protection and end-user training to ensure you can detect threats before you become a victim.

https://blog.cyble.com/2022/11/30/fraudulent-digital-lending-andriod-app-steals-users-sensitive-data/

Cyble Research and Intelligence Labs analyzes how fraudulent digital lending app steals users' sensitive information.

12/02/2022

US Companies are under attack again! The ransomware group Black Basta uses a Qakbot infection to gain a foothold within your network. This ransomware threat is quite severe and spreads quickly. The vector of attack is an email attachment. As always, be vigilant regarding suspicious emails and email attachments.

If you don't already have a comprehensive Cybersecurity solution in place, which includes email spam filtering, EDR endpoint protection, elevated access protection, employee training and phishing campaigns, Black Bear MSSP can help to implement a solution.

https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies

Learn to detect and prevent an aggressive new attack campaign operated by the Black Basta ransomware group that's targeting U.S. companies.

12/02/2022

Are you transparent about the ways you monitor your remote team? Honesty is the best policy if you want to get the best from them. Does your team know what info you collect? http://ow.ly/fILz30sssFa

12/01/2022

It’s 30 years since the first SMS text message was sent. This week in 1992, young British developer Neil Papworth used a PC to say “Merry Christmas” to his colleague. http://ow.ly/MtTx30ssEwe

12/01/2022

Our Weekly Tech update from Black Bear MSSP:

https://youtu.be/tRJACdxjTnk

Zoom plans to implement some new tools to compete with Microsoft Teams and Slack