Welcome to our bi-weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Russian cyber spy group APT28 backdoors Cisco routers via SNMP
The spy agency has been exploiting an old vulnerability that allows bad actors to gain access through simple network management protocol credentials. Read more.
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
Source: The Hacker News
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. Read more.
GitHub debuts pedigree check for npm packages via Actions
Source: The Register
Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code’s origin. Read more.
Play ransomware gang uses custom Shadow Volume Copy data-theft tool
The Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks. Read more.
Medusa ransomware crew brags about spreading Bing, Cortana source code
Source: The Register
The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code. Read more.
Threat Actors Rapidly Adopt Web3 IPFS Technology
Source: Palo Alto
During 2022, analysts from Unit 42 observed the rampant adoption of the InterPlanetary File System (aka IPFS) being used as a vehicle for malicious intent. IPFS is a Web3 technology that decentralizes and distributes the storage of files and other data into a peer-to-peer network. Read more.
Read The Manual Locker: A Private RaaS Provider
Trellix observed the “Read The Manual” (RTM) Locker gang, previously known for their e-crime activities, targeting corporate environments with their ransomware, and forcing their affiliates to follow a strict ruleset. Read more.