Welcome to our bi-weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Russian cyber spy group APT28 backdoors Cisco routers via SNMP

Source: CSO

The spy agency has been exploiting an old vulnerability that allows bad actors to gain access through Simple Network Management Protocol (SNMP) credentials. Read more.

Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

Source: The Hacker News

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. Read more.

GitHub debuts pedigree check for npm packages via Actions

Source: The Register

Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code’s origin. Read more.

Play ransomware gang uses custom Shadow Volume Copy data-theft tool

Source: BleepingComputer

The Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks. Read more.

Medusa ransomware crew brags about spreading Bing, Cortana source code

Source: The Register

The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code. Read more.

Threat Actors Rapidly Adopt Web3 IPFS Technology

Source: Palo Alto

During 2022, analysts from Unit 42 observed the rampant adoption of the InterPlanetary File System (aka IPFS) being used as a vehicle for malicious intent. IPFS is a Web3 technology that decentralizes and distributes the storage of files and other data into a peer-to-peer network. Read more.

Read The Manual Locker: A Private RaaS Provider

Source: Trellix

Trellix observed the “Read The Manual” (RTM) Locker gang, previously known for their e-crime activities, targeting corporate environments with their ransomware, and forcing their affiliates to follow a strict ruleset. Read more.