Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Hackers Using Secure USB Drives To Attack Government Entities

Source: GBHackers

An ongoing attack on government agencies in the APAC region has reportedly compromised a secure USB device with hardware encryption. Read more.

Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000

The exploited vulnerability is CVE-2023-20198, a critical flaw affecting the IOS XE web interface that can be exploited by remote, unauthenticated attackers for privilege escalation. Read more.

Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware

Source: The Hacker News

Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices. Read more.

A Threat Actor Is Selling Access To Facebook And Instagram’s Police Portal

Source: Security Affairs

The portal allows law enforcement agencies to request data relating to users (IP, phones, DMs, device info) or request the removal of posts and the ban of accounts. Read more.

DarkGate malware campaign

Source: W/ Labs

It rapidly became apparent that the lure documents and targeting were very similar to recent DuckTail infostealer campaigns, and it was possible to pivot through open-source data from the DarkGate campaign to multiple other infostealers which are very likely being used by the same actor/group. Read more.

Another InfoStealer Enters the Field, ExelaStealer

FortiGuard Labs research reveals that ExelaStealer is a largely open-source InfoStealer with paid customizations available from the threat actor. Read more.

Ragnar Locker ransomware group taken down

Source: Malwarebytes LABS

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. Read more.

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. Read more.

Clever malvertising attack uses Punycode to look like KeePass’s official website

Source: CISA

In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager, which was extremely deceptive. Read more.

CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide

Source: CISA

The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights. Read more.

Walmart Jumps to Top Spot as the Most Impersonated Brand for Phishing Scams in Q3 2023

Our latest Brand Phishing Report for Q3 2023 highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September 2023. Read more.

Email Security Best Practices for Phishing Prevention

Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk. Read more.

Threat Actors Breached Okta Support System And Stole Customers’ Data

Source: Security Affairs

Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks. Read more.

Admin behind E-Root stolen creds souk extradited to US

Source: The Register

A Moldovan who allegedly ran the compromised-credential marketplace E-Root has been extradited from the UK to America to stand trial. Read more.