Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

CISA and FBI warn of Truebot infecting US and Canada based organizations

Source: Security Affairs

A new variant of the Truebot malware was used in attacks against organizations in the United States and Canada. Threat actors compromised target networks by exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software tracked as CVE-2022-31199. Read more.

Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability

Source: Cisco

This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. Read more.

Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking

Source: ars TECHNICA

The maintainers of the open source software that powers the Mastodon social network published a security update on Thursday that patches a critical vulnerability making it possible for hackers to backdoor the servers that push content to individual users. Read more.

New StackRot Linux kernel flaw allows privilege escalation
Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with “minimal capabilities.” The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges. Read more.

Two spyware tied with China found hiding on the Google Play Store

Source: pradeo

This week, our engine detected two spyware applications hiding on the Google Play Store and affecting up to 1.5 million users. Both applications are from the same developer, pose as file management applications, and feature similar malicious behaviors. Read more.

New Tool Helps Devs Check For Manifest Confusion Mismatches

Source: Infosecurity Magazine

System administrator and self-confessed hacker Felix Pankratz published the tool to GitHub on Monday, claiming the Python script can check npm packages for manifest mismatches and also check all package dependencies recursively. Read more.

New tool exploits Microsoft Teams bug to send malware to users
A member of the U.S. Navy’s red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions on incoming files from users outside of a targeted organization, the so-called external tenants. Read more.

Kimsuky Threat Group Using Chrome Remote Desktop

Source: ASEC

AhnLab Security Emergency response Center (ASEC) has recently discovered the Kimsuky threat group using Chrome Remote Desktop. The Kimsuky threat group uses not only their privately developed AppleSeed malware, but also remote control malware such as Meterpreter to gain control over infected systems. Read more.

Threat Alert: Anatomy of Silentbob’s Cloud Attack

Source: Aqua Blog

This infrastructure is in the early stages of testing and deployment, and mainly consists of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, hijack cloud credentials, hijack resources, and further spread the worm. Read more.

TeamTNT Launches Widespread Attacks Against Cloud Infrastructures

Source: GBHackers

This evolving campaign is consistent with an aggressive cloud worm designed to deploy on exposed JupyterLab and Docker APIs to deploy Tsunami malware, cloud credentials hijack, and resource hijack. Read more.

M365 Phishing Email Analysis – eevilcorp

Source: vade

The malicious HTML file contained JavaScript code designed to collect the email address of the victim and update the page with the content of the variable data used in a callback function. Read more.

New Phishing Attack Spoofs Microsoft 365 Authentication System
TIRC researchers decoded the base64-encoded string when analyzing a malicious domain and obtained results related to Microsoft 365 phishing attacks. Researchers noted that requests for phishing applications were made to eevilcorponline. Read more.

Tailing Big Head Ransomware’s Variants, Tactics, and Impact
Reports of a new ransomware family and its variant named Big Head emerged in May, with at least two variants of this family being documented. Upon closer examination, we discovered that both strains shared a common contact email in their ransom notes, leading us to suspect that the two different variants originated from the same malware developer. Read more.

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

Source: zscaler

Discover the intricate layers of a new sophisticated and persistent malware campaign targeting businesses in the LATAM region delivering the TOITOIN Trojan. Delve into the multi-stage attack methodology, from deceptive phishing emails to custom-built modules, as we dissect its techniques and shed light on its impact. Read more.