Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Japan Aviation Electronics Targeted in Ransomware Attack
Source: SECURITY WEEK
While Japan Aviation Electronics has not found evidence of data exfiltration, the Alphv/BlackCat ransomware gang claims to have stolen roughly 150,000 documents from the company, including blueprints, contracts, confidential messages, and reports. Read more.
Microsoft Authenticator Restricts Suspicious MFA Notifications
Source: Latest Hacking News
The Redmond giant has recently announced introducing a new privacy feature to its authenticator app. With this feature, Microsoft Authenticator app now blocks suspicious multi-factor authentication notifications to prevent potential abuse. Read more.
Chinese multinational bank hit by ransomware
Source: HELP NET SECURITY
The state-owned Industrial and Commercial Bank of China (ICBC), which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market. Read more.
After ChatGPT, Anonymous Sudan Took Down The CloudFlare Website
Source: Security Affairs
The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack took down its website for a few minutes and ponited out that it did not impact other products or services. Read more.
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
Source: TREND MICRO
The attacker-controlled reverse proxies function as intermediary servers positioned between the target and a legitimate authentication endpoint, such as the Microsoft 365 login page. When a victim interacts with the fake login page, the reverse proxy presents the genuine login form, manages incoming requests, and conveys responses from the legitimate Microsoft 365 login page. Read more.
Iranian hackers launch malware attacks on Israel’s tech sector
Source: BLEEPING COMPUTER
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms. Imperial Kitten is also known as Tortoiseshell, TA456, Crimson Sandstorm, and Yellow Liderc, and for several years it used the online persona Marcella Flores. Read more.
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
When opened on a mobile device, the Urdu version of the Hunza News website offers readers the possibility to download the Hunza News Android app directly from the website, but the app has malicious espionage capabilities. Read more.
Routers Targeted for Gafgyt Botnet [Guest Diary]
Source: SANS Internet Storm Center
The threat actor attempts to add my honeypot into a botnet so the threat actor can carry out DDoS attacks. The vulnerabilities used for the attack were default credentials and CVE-2017-17215. To prevent these attacks, make sure systems are patched and using strong credentials. Read more.
Keeping Up with Today’s Top Mobile Spyware Threat Trends
In this post, we will explore trends including the rise of new and more sophisticated types of mobile spyware: nation-level spyware and modified applications. We’ll also present several best practices to help you protect all your organization’s assets. Read more.
Police Seized BulletProftLink Phishing-as-a-Service (PhaaS) Platform
Source: Security Affairs
The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. A joint international operation conducted by the Malaysian police, the FBI, and the Australian Federal Police took down several domains employed in the cybercriminal operation. Read more.
It’s Still Easy for Anyone to Become You at Experian
Source: Krebs on Security
In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. Read more.
The Lorenz Ransomware Group Hit Texas-Based Cogdell Memorial Hospital
Source: Security Affairs
The Lorenz extortion group claimed responsibility for the security breach and added the hospital to its Tor leak site. The group claims to theft of more than 400GB of data, including internal files, patient medical images, and also employee email communications. Read more.
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
Source: The Hacker News
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a “shift in the persistent actor’s tactics.” Read more.
Chinese APT Targeting Cambodian Government
Source: Unit 42 by Palo Alto
Unit 42 has identified malicious Chinese APT infrastructure masquerading as cloud backup services. Monitoring telemetry associated with two prominent Chinese APT groups, we observed network connections predominately originating from the country of Cambodia, including inbound connections originating from at least 24 Cambodian government organizations. Read more.