Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor

Source: Security Week

CISA added eight new vulnerabilities to its catalog on Thursday, including two D-Link router and access point vulnerabilities exploited by a Mirai botnet variant. The six remaining security holes impact Samsung mobile devices and they were all patched by the technology giant in 2021. Read more.

Fileless attacks surge as cybercriminals evade cloud security defenses

Source: CSO

Based on analysis by Aqua Nautilus researchers of 700,000 real-world attacks, the report covers three key areas: software supply chain, risk posture (including vulnerabilities and misconfigurations), and runtime protection. Read more.

Aqua Security Study Finds 1,400% Increase in Memory Attacks

Source: TechRepublic

The Nautilus team reported that more than 50% of attacks focused on defense evasion and included masquerading techniques such as files executed from /tmp, a location used to store temporary files. Read more.

Charming Kitten Updates POWERSTAR with an InterPlanetary Twist


Charming Kitten appears to be primarily concerned with collecting intelligence by compromising account credentials and, subsequently, the email of individuals they successfully spear phish. Read more.

8Base Ransomware: A Heavy Hitting Player

Source: VMware

Describing themselves as “simple pen testers”, their leak site provided victim details through Frequently Asked Questions and Rules sections as well as multiple ways to contact them. What is interesting about 8Base’s communication style is the use of verbiage strikingly familiar to another known group, RansomHouse. Read more.

Anatsa banking Trojan hits UK, US and DACH with new campaign


The threat actors behind this new wave of Anatsa showed interest in new institutions from the US, UK, and DACH region. Our fraud intelligence platform was able to confirm this dangerous malware family adding multiple Android banking apps from these regions as new targets. Read more.

Andariel’s silly mistakes and a new malware family


Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the C2 server. Unfortunately, we were unable to catch the first piece of malware they downloaded, but we did see that exploitation was closely followed by the DTrack backdoor being downloaded. Read more.

Prominent cryptocurrency exchange infected with previously unseen Mac malware

Source: ars TECHNICA

Dubbed JokerSpy, the malware is written in the Python programming language and makes use of an open source tool known as SwiftBelt, which is designed for legitimate security professionals to test their networks for vulnerabilities. Read more.

Akira Ransomware Extends Reach to Linux Platform

Source: CYBLE

This group is actively targeting numerous organizations, compromising their sensitive data. It is worth noting that Akira ransomware has expanded its operations to include the Linux platform. Read more.

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator


Advertising platforms like Google Ads enable businesses to display advertisements to target audiences to boost traffic and increase sales. Malware distributors abuse the same functionality in a technique known as malvertising, where chosen keywords are hijacked to display malicious ads that lure unsuspecting search engine users into downloading certain types of malware. Read more.

Beware: New ‘RustBucket’ Malware Variant Targeting macOS Users

Source: The Hacker News

Researchers have pulled back the curtain on an updated version of an Apple macOS malware called RustBucket that comes with improved capabilities to establish persistence and avoid detection by security software. Read more.

Here’s how to use cyber threat intelligence to augment incident response

Source: SC MEDIA

CTI can enrich and offer context on these indicators and alerts by giving information that’s timely, relevant and actionable – saving responders time and helping direct the investigation. Read more.

GuLoader Campaign Targets Law Firms in the US


In the campaign covered in this blog post, threat actors leveraged GuLoader to deliver Remcos RAT (remote access trojan) by utilizing `github.io` as the source for downloading the payload. Read more.

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

Source: The Hacker News

In yet another sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that’s actively being developed by its author to evade detection by software solutions. Read more.