Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
SuperMailer Abuse Explodes, Now Responsible for 14% of All Credential Phish Discovered in Inboxes
Source: Cofense
The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume. Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5% of credential phishing emails reported by Cofense PDC customers. Read more.
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
Source: Dark Reading
A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals, with a full two-thirds of victims losing up to $1,000. Read more.
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
Source: Mandiant
The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia. Read more.
Top Malware Trends of April
Source: Cofense
To help keep up with evolving tactics and top ongoing threats affecting real customers, the PDC has created a breakdown of the top five malware families we have seen across the Managed Phishing Detection and Response (MPDR) customer base over the past thirty days. Read more.
Lazarus Group Targeting Windows IIS Web Servers
Source: ASEC
The ASD log shows that Windows server systems are being targeted for attacks, and malicious behaviors are being carried out through w3wp.exe, an IIS web server process. Therefore, it can be assumed that the threat actor uses poorly managed or vulnerable web servers as their initial breach routes before executing their malicious commands later. Read more.
Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
Source: The Hacker News
“The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain,” SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a new report shared with The Hacker News. Read more.
GitLab ‘strongly recommends’ patching max severity flaw ASAP
Source: Bleeping Computer
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. Read more.
Account Compromise, Financial Theft, and Supply Chain Attacks: Analyzing the Small and Medium Business APT Phishing Landscape in 2023
Source: Proofpoint
By leveraging the Proofpoint Essentials telemetry, which encompasses over 200,000 small and medium business organizations, researchers were able to identify key trends in the APT landscape that pose unique threats to SMBs globally. Read more.
Infecting SSH Public Keys with backdoors
Source: The Hacker’s Choice
In this article, you will learn how to add a backdoor to the SSH Public Key. The backdoor will execute whenever the user logs in. The backdoor hides as an unreadable long hex-string inside ~/.ssh/authorized_keys or ~/.ssh/id_*.pub. Read more.
Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker
Source: Cado
Cado Labs recently discovered and reported on an emerging cloud-focused hacktool, designed to harvest credentials from misconfigured web servers and leverage these credentials for email abuse. The tool was named ‘Legion’ by its developers, and was distributed and marketed in various public groups and channels within the Telegram messaging service. Read more.
Backup Repositories Targeted in 93% of Ransomware Attacks
Source: Infosecurity
Veeam also found that in 93% of ransomware incidents, the threat actors target the backup repositories, resulting in 75% of victims losing at least some of their backups during the attack, and more than one-third (39%) of backup repositories being completely lost. Read more.
6 ChatGPT risks for legal and compliance leaders
Source: Help Net Security
“Legal and compliance leaders should assess if these issues present a material risk to their enterprise and what controls are needed, both within the enterprise and its extended enterprise of third and nth parties. Failure to do so could expose enterprises to legal, reputational and financial consequences.” Read more.
QBot malware abuses Windows WordPad EXE to infect devices
Source: Bleeping Computer
The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software. Read more.
CISA, NSA Issue New IAM Best Practice Guidelines
Source: SecurityIntelligence
Nonetheless, the importance of IAM cannot be overstated in today’s world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented and managed effectively. Read more.