Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Oxycorat Android RAT Spotted On Dark Web Stealing Wi-Fi Passwords

Source: GBHackers

According to the details, the RAT includes a file manager, an SMS manager, and a wallet stealer, which could give attackers access to sensitive financial information. Read more.

Over 92,000 Internet-Facing D-Link NAS Devices Can Be Easily Hacked

Source: Security Affairs

A researcher who goes by the online moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. Read more.

The Illusion of Privacy: Geolocation Risks In Modern Dating


Despite safety measures, the Hornet dating app (a popular gay dating app with over 10 million downloads) had vulnerabilities, allowing precise location determination, even if users disabled the display of their distances. In reproducible experiments, we achieved location accuracy within 10 meters. Read more.

New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame


A new ransomware group, Red CryptoApp (Red Ransomware Group), is shaking things up. Unlike others, they humiliate victims by publishing their names on a “wall of shame.” Learn how Red CryptoApp targets victims, what industries are at risk, and how to protect yourself. Read more.

Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack


The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. Read more.

Threat Actors Deliver Malware via YouTube Video Game Cracks

Source: Proofpoint

Proofpoint Emerging Threats has observed information stealer malware including Vidar, StealC, and Lumma Stealer being delivered via YouTube in the guise of pirated software and video game cracks. Read more.

Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector

Source: SOPHOS

This report highlights how ransomware outcomes differ depending on the root cause of the attack. It compares the severity, financial cost, and operational impact of attacks that start with an exploited vulnerability with those where adversaries use compromised credentials to penetrate the organization. Read more.

Attackers Almost Backdoored Most Linux OSes Worldwide with Supply Chain Attack that Took Years to Set Up

Source: Bitdefender

This leads us to February 2024, when Jia Tan submitted patches for two versions of XZ Utils, 5.6.0 and 5.6.1, which actually introduced a backdoor. The attackers could connect to a machine over the SSH protocol and skip the authentication process, giving them full access. Read more.

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu


This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December 2023, it wasn’t ported to Ubuntu kernels for over two months, making it an easy 0day vector in Ubuntu during that time. Read more.

New Darcula phishing service targets iPhone users via iMessage


One thing that makes the service stand out is that it approaches the targets using the Rich Communication Services (RCS) protocol for Google Messages and iMessage instead of SMS for sending phishing messages. Read more.