Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
ZenRAT: Malware Brings More Chaos Than Calm
Source: Proofpoint
Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden. The malware is specifically targeting Windows users and will redirect people using other hosts to a benign webpage. Read more.
Sony Investigating After Hackers Offer to Sell Stolen Data
Source: SECURITY WEEK
Sony has launched an investigation after a cybercrime group claimed to have compromised the company’s systems, offering to sell stolen data. Read more.
The Rhysida Ransomware Group Hit The Kuwait Ministry of Finance
Source: Security Affairs
This week the Rhysida ransomware group claimed responsibility for the attack and added the ministry to the list of victims on its Tor leak site. The group also published a set of documents as proof of the hack. Read more.
Pay Attention: Hackers Are Targeting LastPass Users With Phishing Emails
Source: PC Mag
If you’re a LastPass user, be on guard for phishing emails in your inbox. Hackers are launching waves of malicious messages impersonating the password manager. Read more.
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Source: BLEEPING COMPUTER
The most severe of the disclosed flaws impacting the product is CVE-2023-20252 (CVSS v3.1: 9.8), which allows unauthorized access due to issues with the Security Assertion Markup Language (SAML) APIs. Read more.
Android Banking Trojan Zanubis Evolves to Target Peruvian Users
Source: Infosecurity Magazine
The Android banking Trojan Zanubis has taken on a new guise, posing as the official app for the Peruvian governmental organization SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria). Read more.
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
Source: The Hacker News
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. Read more.
Malicious ad served inside Bing’s AI chatbot
Source: Malwarebytes LABS
In this blog, we show how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation. Read more.
Chinese Hackers Stole 60,000 US State Department Emails from Microsoft
Source: HACK READ
Apart from stealing tens of thousands of emails from official accounts, the attackers obtained a list of all email accounts belonging to the State Department, Reuters reported. Read more.
PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign
Source: CYBLE
On September 25th, CRIL encountered an intriguing Microsoft Word document named “Invoice-891920.docx” on VirusTotal. Subsequent investigation revealed that it employs a novel approach to deliver the malware known as “PurpleFox.” Read more.
New Campaign Distributes Malicious npm and PyPI Packages to Pilfer Kubernetes Config, SSH Keys
Source: SOCRadar
Researchers have discovered a concerning surge in deceptive npm and PyPI packages distributed as part of a malicious campaign, aimed at extracting Kubernetes configurations and SSH keys from compromised systems. Read more.
Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org
Source: Symantec
Most recently, the Threat Hunter Team in Symantec, part of Broadcom, discovered Budworm using an updated version of one of its key tools to target a Middle Eastern telecommunications organization and an Asian government. Read more.
‘Snatch’ Ransom Group Exposes Visitor IP Addresses
Source: Krebs on Security
The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. Read more.
People’s Republic of China-Linked Cyber Actors Hide in Router Firmware
Source: CISA
BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S. — the primary targets. Read more.