Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

SuperMailer Abuse Explodes, Now Responsible for 14% of All Credential Phish Discovered in Inboxes

Source: Cofense

The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume. Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5% of credential phishing emails reported by Cofense PDC customers. Read more.

Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

Source: DARK Reading

A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals, with a full two-thirds of victims losing up to $1,000. Read more.

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia. Read more.

Top Malware Trends of April

Source: Cofense

To help keep up with evolving tactics and top ongoing threats affecting real customers, the PDC has created a breakdown of the top five malware families we have seen across the Managed Phishing Detection and Response (MPDR) customer base over the past thirty days. Read more.

Lazarus Group Targeting Windows IIS Web Servers

Source: ASEC

The ASD log shows that Windows server systems are being targeted for attacks, and malicious behaviors are being carried out through w3wp.exe, an IIS web server process. Therefore, it can be assumed that the threat actor uses poorly managed or vulnerable web servers as their initial breach routes before executing their malicious commands later. Read more.

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks

Source: The Hacker News

“The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain,” SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a new report shared with The Hacker News. Read more.

GitLab ‘strongly recommends’ patching max severity flaw ASAP

Source: Bleeping Computer

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. Read more.

Account Compromise, Financial Theft, and Supply Chain Attacks: Analyzing the Small and Medium Business APT Phishing Landscape in 2023

Source: Proofpoint

By leveraging the Proofpoint Essentials telemetry, which encompasses over 200,000+ small and medium business organizations, researchers were able to identify key trends in the APT landscape that pose unique threats to SMBs globally. Read more.

Infecting SSH Public Keys with backdoors

Source: The Hacker’s Choice

In this article, you will learn how to add a backdoor to the SSH Public Key. The backdoor will execute whenever the user logs in. The backdoor hides as an unreadable long hex-string inside ~/.ssh/authorized_keys or ~/.ssh/id_*.pub. Read more.

Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker

Source: Cado

Cado Labs recently discovered and reported on an emerging cloud-focused hacktool, designed to harvest credentials from misconfigured web servers and leverage these credentials for email abuse. The tool was named ‘Legion’ by its developers, and was distributed and marketed in various public groups and channels within the Telegram messaging service. Read more.

Backup Repositories Targeted in 93% of Ransomware Attacks

Source: Infosecurity

Veeam also found that in 93% of ransomware incidents, the threat actors target the backup repositories, resulting in 75% of victims losing at least some of their backups during the attack, and more than one-third (39%) of backup repositories being completely lost. Read more.

6 ChatGPT risks for legal and compliance leaders

“Legal and compliance leaders should assess if these issues present a material risk to their enterprise and what controls are needed, both within the enterprise and its extended enterprise of third and nth parties. Failure to do so could expose enterprises to legal, reputational and financial consequences.” Read more.

QBot malware abuses Windows WordPad EXE to infect devices

Source: Bleeping Computer

The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software. Read more.

CISA, NSA Issue New IAM Best Practice Guidelines

Source: SecurityIntelligence

Nonetheless, the importance of IAM cannot be overstated in today’s world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented and managed effectively. Read more.