Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
THE RHYSIDA RANSOMWARE: ACTIVITY ANALYSIS AND TIES TO VICE SOCIETY
Source: CHECK POINT RESEARCH
Our analysis shows both a technical similarity between the two groups, and a clear correlation between the emergence of Rhysida and the disappearance of Vice Society. In addition, the two groups share a focus on two main sectors which stand out in the ransomware ecosystem: education and healthcare. Read more.
UNRAVELING SCATTERED SPIDER: A STEALTHY AND PERSISTENT THREAT ACTOR TARGETING TELECOM NETWORKS
Source: AVERTIUM
Scattered Spider, or UNC3944, is a financially motivated threat actor known for its clever use of social engineering tactics to infiltrate target devices. They are persistent, stealthy, and swift in their operations. Once inside, Scattered Spider avoids specialized malware and instead relies on reliable remote management tools to maintain access. Read more.
Mac systems turned into proxy exit nodes by AdLoad
Source: AT&T Cybersecurity
AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs’ investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning MacOS AdLoad victims into a giant, residential proxy botnet. Read more.
TargetCompany Ransomware Deploys Fully Undetectable Malware on SQL Server
Source: GBHackers
Similar to previous cases, the latest TargetCompany ransomware exploits weak SQL servers for initial stage deployment, aiming for persistence via diverse methods, including altering URLs or paths until Remcos RAT execution succeeds. Read more.
Data of all serving police officers of the Police Service of Northern Ireland (PSNI) mistakenly published online
Source: Security Affairs
The Police Service of Northern Ireland (PSNI) has mistakenly shared sensitive data of all 10,000 serving police officers in response to a Freedom of Information (FOI) request. The request aimed at determining the number of PSNI officers. Read more.
Microsoft Patch Tuesday For August ’23 Addresses 84 Flaws
Source: Latest Hacking News
Microsoft has rolled out the scheduled Patch Tuesday updates for August 2023, ensuring automatic updates for all devices. Yet, users should still check for system updates manually to ensure they receive all security fixes in a timely manner. This month’s update bundle is important because it addresses two critical zero-day vulnerabilities alongside other security flaws. Read more.
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Source: welivesecurity
Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco. Read more.
Stealthy Malicious MSI Loader – Overlapping Technique and Infrastructure with BatLoader
Source: CYFIRMA
Remarkably, the MSI Loader employs a similar evasion technique to that of the BatLoader. Additionally, recent observations indicate that the threat actor has leveraged the AnyDesk application to conceal the loader, adding to its deceptive tactics. Read more.
Unmasking Ransomware Groups: Their Targets, Infamous Instances, And Devastating Financial Impact
Source: K7 SECURITY
In this article, we present the top 7 most dangerous ransomware groups. Taking immediate action and implementing strong cybersecurity measures is crucial as these ransomware groups pose a significant threat to businesses and infrastructure. Read more.
LAPSUS$ ANALYSIS FINDS NEED FOR BETTER IAM, MFA DEPLOYMENTS
Source: DECIPHER
Lapsus$ members favored simple, easy-to-execute attacks to gain access to their targets. A report released Thursday by the Cyber Safety Review Board shows that Lapsus$ actors relied on old-fashioned research, reconnaissance, and simple yet effective tactics to exploit procedural and behavioral weaknesses rather than technical ones. Read more.
Exclusive: An email security vendor is leaving 2M domains open to phishing hacks, study finds
Source: AXIOS
A security researcher has uncovered a way to spoof at least 2 million email domain names for phishing attacks that requires little or no expertise to use, according to research shared first with Axios. Phishing, which often relies on spoofed email addresses, remains one of the top entry points for malicious hackers looking to install malware or conduct social engineering campaigns. Read more.
Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations
Source: proofpoint
Threat actors utilized EvilProxy – a phishing tool based on a reverse proxy architecture, which allows attackers to steal MFA-protected credentials and session cookies. This rising threat combines sophisticated Adversary-in-the-Middle phishing with advanced account takeover methods, in response to the growing adoption of multifactor authentication by organizations. Read more.
Phishing via AWS
Source: AVANAN
This starts with a standard-looking phishing email, requesting a password reset. For many users, this email may be enough to stop engaging. Security services may be able to pick up on it, given the discrepancy in sender address. But the link in the address goes to an AWS S3 bucket, which is legitimate. Read more.
Understanding Active Directory Attack Paths to Improve Security
Source: The Hacker News
From an attacker’s POV, Active Directory serves as a great opportunity for conducting lateral movement, as gaining that initial access allows them to move from a low-privileged user to a more valuable target – or even to fully take over – by exploiting misconfigurations or overly excessive permissions. Read more.