Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Cyber Attack on MGM Hotel Group

Source: Cybersecurity INSIDERS

MGM Resorts has officially announced an ongoing investigation into a cybersecurity incident that has severely impacted various aspects of its operations, including company emails, reservation records, room access systems, and even casino slot machines. Read more.

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now

Source: The Hacker News

Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Read more.

Beware of Fake Browser Updates that Install Malware on Systems

Source: GBHackers

Rapid7 researchers recently identified a Fake Browser Update lure that tricks users into running malicious binaries, using a new loader to deploy several info stealers on compromised systems. Read more.

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Source: The Hacker News

The flaw “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations,” Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News. Read more.

Scary New IT Admin Attack Exposes Your MFA Weakness

Source: KnowBe4

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks. Read more.

Redfly: Espionage Actors Continue to Target Critical Infrastructure

Source: Symantec

Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian country for as long as six months earlier this year. The attackers managed to steal credentials and compromise multiple computers on the organization’s network. Read more.

Clop Gang Stole Data From Major North Carolina Hospitals

Source: Security Affairs

The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang has stolen personal data on major North Carolina hospitals as part of the Progress MOVEit Transfer campaign. Read more.

Understanding the Cyber Kill Chain: A Comprehensive Guide to Cybersecurity

Source: Security Boulevard

The Cyber Kill Chain is a strategic framework that outlines the stages of a cyberattack, from the initial planning and reconnaissance to the final objective the attacker achieves. This concept borrows its name and inspiration from military terminology, where a “kill chain” refers to the sequence of events leading to the destruction of a target. Read more.

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

Source: The Hacker News

It all started with an SMS phishing attack aimed at its employees, in which the threat actors masqueraded as a member of the IT team and instructed the recipients to click on a seemingly legitimate link to address a payroll-related issue. Read more.

FBI Hacker USDoD Leaks Highly Sensitive TransUnion Data

Source: Security Affairs

A threat actor who goes by the moniker “USDoD” announced the leak of highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3GB in size, contains sensitive PII of about 58,505 people from all across the globe, including the Americas and Europe. Read more.

RedLine Stealer: A New Variant Surfaces, Deployed Using a Batch Script

In this analysis, we delve into a trending information stealer RedLine. This investigation reveals a novel strain of malware that is being disseminated in the guise of a counterfeit document, packaged within a zip archive that houses a batch script file. Read more.

BlackCat Ransomware Hits Azure Storage With Sphynx Encryptor

The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets’ Azure cloud storage. Read more.

Covert Delivery of Cobalt Strike Beacon via Sophos Phishing Website

Source: CYBLE

Cyble Research & Intelligence Labs (CRIL) came across a typosquatted domain of Sophos, “sopbos[.]com”, using a VirusTotal search. The phishing site impersonates the Sophos Home installation page. Read more.

5 Password Cracking Techniques Used in Cyber Attacks

Source: Proofpoint

To help your organization significantly reduce its risk of data loss and account compromise, we’ve put together a list of some of the most common password cracking techniques, how they work, and tips for keeping your organization safe. Read more.