Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Cybercrime Supply Chain 2023: Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them
Interisle researchers, using data from the Cybercrime Information Center, analyzed more than 10 million cybercrime records and found distinct, persistent patterns of exploitation and abuse covering a 365-day period from September 2022 to August 2023. Read more.
Android Malware Masquerades As Chrome Browser, Reads SMS & Intercepts Emails
Cybersecurity researchers at K7 Security Labs recently identified Rusty Droid RAT, a stealthy Android malware masquerading as a Chrome browser to read SMS and intercept emails. Read more.
The Rise of S3 Ransomware: How to Identify and Combat It
Source: The Hacker News
Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.) makes it a juicy target for threat actors. Read more.
Quishing: Tricks to look out for
Source: Help Net Security
By now, most people know what a QR code looks like and that they need to scan it to get to information “embedded” in it. Unfortunately, not many users know that QR codes are not inherently safe and may be used for malicious purposes. Read more.
New iLeakage attack steals emails, passwords from Apple Safari
Source: BleepingComputer
Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser. Read more.
The Danger of Forgotten Pixels on Websites: A New Case Study
Source: The Hacker News
Recently, Reflectiz, an advanced website security solution provider, released a case study focusing on a forgotten and misconfigured pixel that had been associated with a leading global healthcare provider. This overlooked piece of code surreptitiously gathered private data without user consent, potentially exposing the company to substantial fines and damage to its reputation. Read more.
ServiceNow quietly addresses unauthenticated data exposure flaw from 2015
Source: The Register
ServiceNow’s widgets act as powerful APIs for the platform’s Service Portal. Despite a code change earlier this year to improve safety, the default configuration of these widgets was to set their records public, meaning that if they’re left unchanged, they will return the type of data an attacker specifies. Read more.
The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles
Cluster25 observed a malicious campaign that employs LinkedIn messages as a vector for executing identity theft attacks. In this campaign, compromised LinkedIn accounts are utilized to send messages to users with the aim of compromising their accounts by illicitly procuring their cookies, session data, and browser credentials. Read more.
Trojanized PyCharm Software Version Delivered via Google Search Ads
Source: The Hacker News
A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. Read more.
Latest Cloudflare distributed denial-of-service report details record-setting attack
Source: SiliconANGLE
The record-breaking attack in question hit an unprecedented 201 million requests per second. The figure is notably higher than the previous largest recorded attack, which stood at 71 million rps and was detailed by Cloudflare in February. Read more.
A cascade of compromise: unveiling Lazarus’ new campaign
The adversary demonstrated a high level of sophistication, employing advanced evasion techniques and introducing SIGNBT malware for victim control. In addition, other malware found in memory included Lazarus’ prominent LPEClient, a tool known for victim profiling and payload delivery that has previously been observed in attacks on defense contractors and the cryptocurrency industry. Read more.
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
Earlier this month Citrix released a security bulletin which mentioned “unauthenticated buffer-related vulnerabilities” and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway. Read more.
Hackers Cripple Five Ontario Hospitals by Hitting a Single Service Provider
Five hospitals in Canada are unable to provide normal patient care due to a cyberattack against their joint service provider. Non-emergency patients are being told to visit their local clinic. Read more.
Hacktivism in the Israel-Hamas Conflict | Citizen Data Leaked Using Old Malware
So far, the use of novel malware/scareware and tools such as Redline Stealer and PrivateLoader by these threat actors continues to target Israeli citizens, businesses, and critical sector entities, causing data leaks and widespread disruptions. Read more.