Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
The Endless Struggle Against APT10: Insights from LODEINFO v0.6.6 – v0.7.3 Analysis
Source: ITOCHU Cyber Intelligence Inc.
According to information released by security vendors, APT campaigns using LODEINFO target Japanese media, diplomacy, public institutions, defense industries, and think tanks. It is also suggested that the infamous APT group called APT10 is involved given the similarities in their methods and malwares. Read more.
Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients
Source: Trustwave
So, the story starts in Ubuntu, in dmesg to be exact. Dmesg (diagnostic messages) prints kernel-related messages for those of you not familiar. So, there I was, minding my own business, not at all looking into wireless, actually looking into some Bluetooth research (watch this space!). I had to install some required packages and suddenly Ubuntu crashed on me. I look into dmesg to see what the fuss is all about, no real answer… but I noticed this line that had to do with the wireless interface. Read more.
Exploits released for critical Jenkins RCE flaw, patch now
Source: BLEEPING COMPUTER
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. Read more.
Nigerian ‘Yahoo Boys’ Behind Social Media Sextortion Surge in the US
Source: Infosecurity Magazine
Their typical approach is to “bomb” high schools, youth sports teams and universities with fake accounts, using advanced social engineering tactics to coerce their victims into a compromising situation. Read more.
The Intricacies of Atomic Stealer (AMOS) and the Emergence of Xehook Stealer on Dark Web
Source: The Cyber Express
A new information stealer has arrived on the dark web. Known as the Atomic Stealer (AMOS), this information stealer, this information-stealing malware is designed for a phishing campaign associated with the rise of dead cookie restoration and Xehook Stealer. Read more.
Russia-Linked APT Group Midnight Blizzard Hacked Hewlett Packard Enterprise (HPE)
Source: The Hacker News
Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyberespionage group Midnight Blizzard gained access to its Microsoft Office 365 cloud-based email environment. The attackers were collecting information on the cybersecurity division of the company and other functions. Read more.
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
Source: welivesecurity
ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software. Read more.