Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Qakbot botnet infrastructure shattered after international operation
Europol has supported the coordination of a large-scale international operation that has taken down the infrastructure of the Qakbot malware and led to the seizure of nearly EUR 8 million in cryptocurrencies. Read more.
Cisco BroadWorks Application Software Flaw Lets Attackers Conduct XSS Attacks
The lack of file validation and broken access control on the vulnerable upload servlet allows any authenticated user to upload a file, which could be abused to run arbitrary code on the server. Read more.
BadBazaar Malware Attacking Android Users via Weaponized Telegram & Signal Apps
The primary objective of BadBazaar is to steal device information such as the contact list, call logs, and the list of installed applications, as well as to spy on Signal conversations by secretly attaching the victim’s Signal Plus Messenger app to the attacker’s mobile device. Read more.
Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer
Source: SecurityWeek
SapphireStealer dumps the harvested data in a working directory to stage it for exfiltration, and creates a subdirectory to collect victim files that have the .txt, .pdf, .doc, .docx, .xml, .img, .jpg, and .png extensions. The harvested data is sent to the attackers over the Simple Mail Transfer Protocol (SMTP). Read more.
Phishing Attacks Surge Despite Increased Awareness, New Strategies Needed
The study calls for a “better strategy.” It calls for a renewed and coordinated approach involving proactive policy regimes, government-backed anti-phishing strategies, and legal action against organizations facilitating these attacks. Read more.
Victim records deleted after spyware vendor compromised
Source: Malwarebytes Labs
The hackers responsible for this attack claim to have broken into the server via “several security vulnerabilities” which allowed them to initially gain a foothold. From there they went on to exploit additional flaws in the app developer’s web dashboard, downloading all records including customer email addresses. Read more.
Microsoft reminds users Windows will disable insecure TLS soon
Source: BleepingComputer
The transition is expected to have minimal impact on Windows home users, with limited anticipated issues. However, enterprise admins are advised to conduct tests to identify and subsequently update or replace any affected apps. Read more.
Why is .US Being Used to Phish So Many of Us?
Source: Krebs on Security
Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Read more.
Understanding Firewalls – Types, Configuration, and Best Practices for Effective Network Security
Firewalls are typically used to protect against malware and network-based threats. Modern firewalls can also monitor and alert for suspicious network activities, administer access controls, and protect databases and applications. Read more.
Risk Fact #4: Malware in your Cloud means Exploitation is underway
Source: Qualys Community
The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit (TRU) provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights will enable organizations using cloud technologies to better understand these risks and how they can be better prepared to face those challenges in today’s threat landscape. Read more.
Two real-life examples of why limiting permissions works: Lessons from AWS CIRT
To quote VP and Distinguished Engineer at Amazon Security, Eric Brandwine, “Least privilege equals maximum effort.” This is the idea that creating and maintaining the smallest possible set of privileges needed to perform a given task will require the largest amount of effort, especially as customer needs and service features change over time. Read more.
CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware
Infamous Chisel is a collection of components targeting Android devices that the authoring organizations have attributed to Sandworm, the Russian Main Intelligence Directorate’s (GRU’s) Main Centre for Special Technologies, GTsST. The malware’s capability includes network monitoring, traffic collection, network backdoor access via The Onion Router (Tor) and Secure Shell (SSH), network scanning, and Secure Copy Protocol (SCP) file transfer. Read more.
VMConnect supply chain attack continues, evidence points to North Korea
Source: ReversingLabs
The research team has continued monitoring PyPI and now has identified three more malicious Python packages that are believed to be a continuation of the VMConnect campaign: tablediter, request-plus, and requestspro. Read more.
7 LinkedIn Scams to Watch Out For
Whether you’re a seasoned professional or a newcomer to the platform, knowing the common LinkedIn scams can save you many headaches. From fake job offers to crypto promotions, let’s go over what you should be watching out for to protect both your career and your wallet. Read more.