Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
‘Nitrogen’ Ransomware Effort Lures IT Pros via Google, Bing Ads
Source: DARK Reading
Hackers are planting fake advertisements — “malvertisements” — for popular IT tools on search engines, hoping to ensnare IT professionals and perform future ransomware attacks. Read more.
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Source: BLEEPING COMPUTER
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. Read more.
How to Setup Microsoft Office 365 DKIM record?
Source: Security Boulevard
DKIM digital signatures are added to outgoing emails, allowing receiving servers to validate the message’s origin and integrity, reducing the risk of email spoofing and phishing. Read more.
KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related
Source: DARK Reading
he results include the top email subjects clicked on in phishing tests and reflect the use of HR business-related messages that pique interest from employees and can potentially affect them. Read more.
Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking
Source: The Hacker News
A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Read more.
Beware of the Barbie Scam: What You Need to Know After the Recent Movie Release
Cybercriminals are always on the lookout for opportunities to make phishing and other scams more attractive and believable. They often leverage popular and well-publicized events such as movie premieres, concerts, or sporting events to trick users into clicking on malicious links. Read more.
Phishing Scam Affects Nearly 170K Henry Ford Health Patients
Source: BANK INFO SECURITY
Michigan-based academic medical provider Henry Ford Health is notifying nearly 170,000 individuals that their protected health information was breached in a recent phishing scam compromising three employees’ email accounts. Read more.
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation
Source: SECURITY WEEK
In a research note posted Wednesday, Wiz calculated that more than 60 percent of AWS environments are running EC2 instances with Zen 2 CPUs and may therefore be affected by the use-after-free memory corruption bug. Read more.
CISA Releases Malware Analysis Reports on Barracuda Backdoors
CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence. Read more.
Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns
Source: TREND MICRO
Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. Read more.
Akira Ransomware Expands to Linux with In-built Tor Website
Akira has been using a Tor website for their communications with perpetrators and for posting the leaked data publicly if their ransom demands are not met from any of the affected organizations. Read more.
Data Loss Prevention for Small and Medium-Sized Businesses
Source: IT SECURITY GURU
Not only large enterprises but small and medium-sized businesses (SMBs) should realise the threat size, its origin, exogenous or from their inner circle, and the potential impact on their assets. Implementing an effective data loss prevention (DLP) strategy to mitigate these cyber threats and safeguard critical data is imperative. Read more.
BlueBravo Adapts to Target Diplomatic Entities with GraphicalProton Malware
Source: Recorded Future
BlueBravo is a threat group tracked by Insikt Group, whose actions align with those of the Russian advanced persistent threat (APT) groups APT29 and Midnight Blizzard, both attributed to Russia’s Foreign Intelligence Service (SVR). Read more.
Flaw in Ninja Forms WordPress plugin allows hackers to steal submitted data
The most critical vulnerability allowed users who were website “Subscribers” or “Contributors” to export all data that other users had submitted via the site’s forms. This is particularly a problem because many WordPress sites allow anyone to register as a “Subscriber” or member. Read more.