Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Maldocs of Word and Excel: Vigor of the Ages
Source: CHECK POINT RESEARCH
In our research, we show the statistics on attacked industries and countries and highlight the payloads delivered by maldocs, many of which appear on lists of the most prevalent malware. We investigate lures used in different attack campaigns and describe several tricks that can help maldocs fool automated sandboxes, even though the CVEs used are well-known and well-aged. Read more.
I Know What Your Password Was Last Summer…
An interesting aspect we regularly encounter when compromising organisations is the psychology behind how people choose their passwords. This insight reveals patterns and tendencies in password creation within Windows environments, shedding light on common vulnerabilities and the human factors influencing password security. Read more.
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
This malware utilizes the Squirrel installer for distribution, leveraging NodeJS and a relatively new multiplatform programming language called Nim as a loader to complete its infection. We have named this newly discovered Trojan “Coyote” due to the role of coyotes as natural predators of squirrels. Read more.
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
Source: CHECK POINT RESEARCH
Most importantly, Raspberry Robin continues to use different exploits for vulnerabilities either before or only a short time after they were publicly disclosed. Those 1-day exploits were not publicly disclosed at the time of their use. An exploit for one of the vulnerabilities, CVE-2023-36802, was also used in the wild as a 0-day and was sold on the Dark Web. Read more.
Chinese hackers fail to rebuild botnet after FBI takedown
Source: BLEEPING COMPUTER
Before KV-botnet’s takedown, it allowed the Volt Typhoon threat group (aka Bronze Silhouette) to proxy malicious activity through hundreds of compromised small office/home office (SOHO) devices across the U.S. to evade detection. Read more.
2023 Cybersecurity Lingo for Stronger Digital Defense
Source: THE CYBER EXPRESS
The language of cybersecurity can be compared with a digital sword when it comes to ever-changing environments in cyberspace, where shadows keep both danger and safety. Ending 2023 leads us into a lexical exploration of the complex fabric of cyberslang, where cyber sentinels use secret cybersecurity jargon to secure the virtual world. Read more.
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Source: The Register
The vulnerability lies in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software, allowing attackers to extract secrets, such as usernames and passwords, that are stored in memory in clear text – à la CitrixBleed. Read more.