Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Massive phishing campaign exploits QR codes to steal Microsoft credentials

Source: cybernews

A major unnamed energy company in the US has received over 1000 emails with malicious QR codes. It’s the largest victim of a massive phishing campaign targeting energy, manufacturing, insurance, technology, and financial services companies since May. Read more.

Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

Source: The Hacker News

The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, Midnight Blizzard, and The Dukes). Read more.

Vulnerability Comparison: Android vs. iOS in the Face of Cyber Attacks

Source: Cybersecurity INSIDERS

However, the debate over which operating system is more vulnerable to cyber-attacks has been ongoing. In this article, we will delve into the factors that contribute to the security of Android and iOS, exploring their strengths and weaknesses in the realm of cyber threats. Read more.

Hackers use VPN provider’s code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as ‘Bronze Starlight’ was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider. Read more.

Microsoft DNS boo-boo breaks Hotmail for users around the globe

Source: The Register

Someone at Microsoft has some explaining to do after a messed-up DNS record caused emails sent from accounts using Microsoft’s Outlook Hotmail service to be rejected and directed to spam folders starting on Thursday. Read more.

Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams

Source: Malwarebytes LABS

Fast forward to 2023, another 3 years have gone by and this campaign is still going as if nothing has happened. The tactics and techniques are very similar, but the infrastructure is now more robust than before to defeat potential takedown attempts. Read more.

The Weaponization of AI Demands More Robust Cybersecurity Training

Source: Security Boulevard

Despite all the headlines about how AI will make human workers redundant, well-trained employees are only becoming more essential for cybersecurity. As cybercriminals increasingly use AI in social engineering attacks, cybersecurity awareness training (CSAT) has never been more critical for keeping companies safe. Read more.

Mass-spreading campaign targeting Zimbra users

Source: welivesecurity

According to ESET telemetry, the greatest number of targets are located in Poland, followed by Ecuador and Italy. Target organizations vary: adversaries do not focus on any specific vertical with the only thing connecting victims being that they are using Zimbra. Read more.

LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab

Source: sysdig

The attacker utilized tools that evaded signature-based detection, sophisticated and stealthy cross-platform malware, command and control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence. To generate income, the attacker deployed both cryptomining and Russian-affiliated proxyjacking scripts. Read more.

LinkedIn Accounts Under Attack

Source: Cyberint

This campaign is currently affecting individuals worldwide, resulting in a significant number of victims losing access to their accounts. Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts. Read more.

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

Source: Malwarebytes LABS

According to the Citrix security advisory, this vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. Customers using ShareFile-managed storage zones in the cloud do not need to take any action. Read more.

What Is Next-Generation Antivirus (NGAV) and How Does It Work?

Source: Heimdal

As the name implies, the Next-Generation Antivirus (NGAV) is the next step in antivirus software. This article will explain how this solution differs from traditional AV or EDR, how it works, and how it could benefit you. Read more.

Cyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic

Source: GBHackers

Hiding malicious traffic on cloud storage platforms is not an entirely new concept, and threat actors are shifting toward this concept. Security researchers at Insikt recently identified that hackers actively exploit popular and trusted cloud platforms to hide malicious traffic. Read more.

Critical Security Update for Magento Open Source & Adobe Commerce

Source: Sucuri Blog

Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read. Read more.