Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Source: The Hacker News
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. Read more.
Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform
Source: SECURITY WEEK
Multiple vulnerabilities in the Open Automation Software (OAS) Platform can be exploited to bypass authentication, leak sensitive information, and overwrite files, Cisco warns. Read more.
MacOS malware has a new trick up its sleeve
Source: HELP NET SECURITY
A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Read more.
Phishing via Google Looker Studio
Source: CHECK POINT
In this attack brief, Check Point Harmony email researchers will discuss how hackers are using social engineering with a Google domain, designed to elicit a user response and hand over credentials to crypto sites. Read more.
ELECTIONS SPOTLIGHT: GENERATIVE AI AND DEEP FAKES
Source: CHECK POINT
In this article, we examine the potential impact of recent advancements in generative AI technologies on upcoming democratic elections. In particular, we look at two primary shifts: AI’s ability to craft persuasive, tailored texts for numerous individually targeted dialogues on a massive scale, and its proficiency in generating credible audio-visual content at low cost. Read more.
MITRE and CISA Release Open Source Tool for OT Attack Emulation
Source: SECURITY WEEK
The MITRE Corporation and the US Cybersecurity and Infrastructure Security Agency (CISA) today announced a new extension for the open source Caldera platform that emulates adversarial attacks against operational technology (OT). Read more.
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
Source: Krebs on Security
Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Read more.
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild
Source: THE CITIZEN LAB
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim. Read more.
The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums
Source: BLEEPING COMPUTER
Data breaches and ransomware attacks don’t happen in a vacuum. Instead they are supported by a complex ecosystem of cybercriminals, each fulfilling a specific part of a sophisticated supply chain. This post will examine the advent of initial access brokers and their broader role within the cybercrime ecosystem. Read more.
RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release
The recent attack used information regarding the release of Fukushima wastewater. By using such a spotlight issue in Korea, the threat actor provokes the user’s curiosity and leads them to open the malicious file. Read more.
Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers
This isn’t just any ordinary Chaes variant. It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol. Additionally, it now boasts a suite of new modules that further its malicious capabilities. Read more.
Ukraine says an energy facility disrupted a Fancy Bear intrusion
Source: The Record
A cybersecurity expert working for the targeted organization thwarted the attack, according to the report from Ukraine’s computer emergency response team (CERT-UA). The agency attributed the incident to Kremlin-controlled hackers known as Fancy Bear or APT28. Read more.
DarkGate Loader Malware Delivered via Microsoft Teams
Until now DarkGate Loader was seen delivered via traditional email malspam campaigns similar to those of Emotet. In August an operator started using Microsoft Teams to deliver the malware via HR-themed social engineering chat messages. Read more.
W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report
The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks. Read more.