Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Vulkan Unveiled: the Explosive Collaboration in Russian Cyber Warfare
Source: STRIKE SOURCE
We have learned that Vulkan plays a central role in Moscow’s cyber warfare endeavours, this partnership pre-dating the Russian invasion of Ukraine. Read more.
Clop Leaks: First Wave of Victims Named
Source: RELIAQUEST
Clop listed 11 additional organizations since our last update on June 16, 2023. In addition, they also leaked data allegedly belonging to one of the newly named organizations. Read more.
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
Source: MANDIANT
In late 2022, Mandiant published details surrounding a novel malware system deployed by UNC3886, a Chinese cyber espionage group, which impacted VMware ESXi hosts, vCenter servers, and Windows virtual machines (VM). Read more.
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Source: Microsoft
Today, Microsoft Threat Intelligence is sharing updated details about techniques of a threat actor formerly tracked as DEV-0586—a distinct Russian state-sponsored threat actor that has now been elevated to the name Cadet Blizzard. Read more.
Generative AI Enables Threat Actors to Create More (and More Sophisticated) Email Attacks
Source: Abnormal
Platforms including ChatGPT can be used to generate realistic and convincing phishing emails and dangerous malware, while tools like DeepFaceLab can create sophisticated deepfake content including manipulated video and audio recordings. And this is likely only the beginning. Read more.
Cloud Mining Scam Distributes Roamer Banking Trojan
Source: CYBLE
Recently, Cyble Research & Intelligence Labs (CRIL) identified a cloud mining scam involving a Threat Actor (TA) operating a fraudulent website and distributing Android malware to unsuspecting victims through various phishing sites. Read more.
Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
Source: orca security
In this blog post, we will describe two dangerous vulnerabilities that we found in Azure services—Azure Bastion and Azure Container Registry—that allow Cross-Site Scripting (XSS) by exploiting a weakness in the postMessage iframe. Read more.
Behind the Scenes: Unveiling the Hidden Workings of Earth Preta
Source: TREND MICRO
This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor. Read more.
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
Source: Stairwell
An overview of the tools recently identified by Stairwell’s Threat Research has revealed that this group has also devoted considerable time and effort to researching and developing an equally robust toolset for Linux intrusions. One such example is ChamelDoH, a C++ implant designed to communicate via DNS-over-HTTPS (DoH) tunneling. Read more.
Honeypot Recon: Global Database Threat Landscape
Source: Trustwave
As more and more global businesses and organizations rely on DBMS systems to store tons of sensitive information, the risk of targeted attacks and data breaches continues to increase. Read more.
Analyzing the FUD Malware Obfuscation Engine BatCloak
Source: TREND MICRO
We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities. Read more.
Threat Actor Targets Russian Gaming Community With WannaCry-Imitator
Source: CYBLE
Recently, CRIL uncovered a phishing campaign targeting Russian-speaking gamers intending to distribute ransomware. The TAs behind these malicious campaigns have employed phishing pages designed to closely resemble the legitimate Enlisted Game website. Read more.
Open-Source RATs Leveraged By APT Groups
Source: SOCRadar
In these attacks, it is sometimes observed that APT groups use open-source Remote Access Trojan (RAT) software. This research paper discusses in detail why APT groups also utilize open-source RATs, as well as the characteristics and detection of these RATs. Read more.
Deep dive into the Pikabot cyber threat
Source: SOPHOS NEWS
Pikabot is a recently discovered malware trojan, and with the June update to Sophos NDR, we have added an additional machine learning model to detect the encrypted traffic pattern of suspect Pikabot communication. Read more.