Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Tunnel Vision: Looking Out for Malicious Tunneling Use

Source: Malware Patrol

Tunneling services, which offer anonymity and encrypted pathways, have become a convenient option for attackers who want to obfuscate their activity and bypass conventional security controls. In this blog, we explain how these services work, explore the types of cyber threats they enable, and provide mitigation strategies to fortify your defenses against them. Read more.

Dirty Stream Attack Puts Billions of Android Installs at Risk

Source: Security Affairs

Microsoft describes Dirty Stream as an attack pattern, linked to path traversal, that affects various popular Android apps. The technique allows a malicious app to overwrite files in the vulnerable app's home directory, potentially leading to arbitrary code execution and token theft. Read more.
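The core of the Dirty Stream pattern is that the receiving app joins a file name chosen by the sending app straight onto its own private directory, so a name containing `..` lands the write somewhere else in the app's home directory. The following is an added illustration, not code from Microsoft's write-up or from any affected app. It is written in Python rather than Java/Kotlin so the path logic can be run directly; the directory layout and the sample file names are constructed, and `hardened_target_path` stands in for the canonical-path check an Android app would apply to the name it reads from the sending app's content provider (the `OpenableColumns.DISPLAY_NAME` column) before writing into its files directory.

```python
"""Dirty Stream-style path traversal, shown as a vulnerable and a hardened
path builder.

Constructed example: the directory layout is a fictitious stand-in for an
Android app's internal storage (/data/data/<package>/...).
"""
import posixpath

# Assumed (constructed) layout of the victim app's private data directory.
APP_FILES_DIR = "/data/data/com.example.victim/files"
DOWNLOADS_DIR = posixpath.join(APP_FILES_DIR, "downloads")


class UnsafeFileName(ValueError):
    """Raised when a sender-supplied name would escape DOWNLOADS_DIR."""


def vulnerable_target_path(display_name: str) -> str:
    """The flawed pattern: trust the name the sending app provided.

    A name such as '../shared_prefs/prefs.xml' resolves outside
    DOWNLOADS_DIR, so the caller overwrites a file it never meant to touch.
    """
    return posixpath.join(DOWNLOADS_DIR, display_name)


def hardened_target_path(display_name: str) -> str:
    """Canonicalize first, then require the result to stay inside DOWNLOADS_DIR.

    Rejects empty names, NUL bytes, any path separator in the name, and any
    name that normalizes to the directory itself or to something outside it.
    """
    if not display_name or "\0" in display_name:
        raise UnsafeFileName("empty or NUL-containing name")
    if "/" in display_name or "\\" in display_name:
        raise UnsafeFileName("path separators are not allowed in a file name")
    candidate = posixpath.normpath(posixpath.join(DOWNLOADS_DIR, display_name))
    # Both sides are absolute and normalized, so commonpath is a reliable
    # containment test; '.' normalizes to DOWNLOADS_DIR itself and is rejected too.
    if (candidate == DOWNLOADS_DIR
            or posixpath.commonpath([DOWNLOADS_DIR, candidate]) != DOWNLOADS_DIR):
        raise UnsafeFileName(f"{display_name!r} escapes {DOWNLOADS_DIR}")
    return candidate


def is_safe(display_name: str) -> bool:
    """True if the hardened check accepts the name, False if it rejects it."""
    try:
        hardened_target_path(display_name)
        return True
    except UnsafeFileName:
        return False


# Constructed names: one benign, the rest of the kind a malicious sender
# would supply to redirect the write elsewhere in the victim's home directory.
SAMPLE_NAMES = [
    "report.pdf",
    "../shared_prefs/com.example.victim_preferences.xml",
    "..",
    "/data/data/com.example.victim/lib/libnative.so",
    "a/../../cache/x",
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:55} vulnerable -> {vulnerable_target_path(name)}")
        print(f"{'':55} hardened   -> {'accepted' if is_safe(name) else 'REJECTED'}")
```

The vulnerable builder never normalizes, so the traversal only becomes visible when the file is actually opened; the hardened builder decides before any I/O happens and fails closed on every name that does not stay under the intended directory.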

Android bug leaks DNS queries even when VPN kill switch is enabled

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the “Always-on VPN” feature was enabled with the “Block connections without VPN” option. Read more.

Hackers Target New NATO Member Sweden with Surge of DDoS Attacks

Source: Infosecurity Magazine

Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO, according to network performance management provider Netscout. Read more.

Pakistani APTs Escalate Attacks on Indian Gov.

India is one of the most targeted countries in the cyber threat landscape: Pakistan-linked APT groups such as SideCopy and APT36 (Transparent Tribe) continue to target India, and new spear-phishing campaigns such as Operation RusticWeb and FlightNight have emerged alongside them. Read more.

New Cuttlefish malware infects routers to monitor traffic for credentials

Lumen Technologies’ Black Lotus Labs examined the new malware and reports that Cuttlefish creates a proxy or VPN tunnel on the compromised router to exfiltrate data discreetly while bypassing security measures that detect unusual sign-ins. Read more.

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

Source: The Hacker News

Despite his short tenure at the intelligence agency, Dalke is said to have made contact with a person he believed to be a Russian agent between August and September 2022. In reality, the person was an undercover agent working for the Federal Bureau of Investigation (FBI). Read more.

JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

Source: JFrog

In this blog post, we reveal three large-scale malware campaigns we've recently discovered, targeting Docker Hub, that planted millions of "imageless" repositories with malicious metadata. These repositories contain no container images (and so cannot be run in a Docker engine or Kubernetes cluster); instead, the malicious content lives in their metadata. Read more.

A Cunning Operator: Muddling Meerkat and China’s Great Firewall

Source: Infoblox

This paper introduces a perplexing actor, Muddling Meerkat, who appears to be a People’s Republic of China (PRC) nation state actor. Muddling Meerkat conducts active operations through DNS by creating large volumes of widely distributed queries that are subsequently propagated through the internet using open DNS resolvers. Read more.

From IcedID to Dagon Locker Ransomware in 29 Days

Source: The DFIR Report

This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. This phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware. Victims were directed to a fraudulent website, mimicking an Azure download portal. Read more.