Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
IPStorm botnet dismantled by FBI as hacker pleads guilty to three charges
Source: SC Media
The Federal Bureau of Investigation (FBI) dismantled an international botnet comprising more than 23,000 proxies after the hacker responsible for the network reached a plea deal with authorities. Read more.
The FBI and CISA are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Read more.
UK labels AI Tools as a cyber threat to National Elections
Source: Cybersecurity INSIDERS
Britain has identified the continued use of AI tools as a significant cyber threat to the upcoming national elections slated for January 2025. Emphasizing the increasing difficulty for security experts to track and neutralize these deepfake threats, particularly in the context of digital elections, the nation has raised concerns about potential interference. Read more.
Samsung Hacked: Customers Personal Information Exposed
The breach was formally confirmed in an email received by this reporter on the night of November 15. Samsung traced the detection of the cyber incursion back to November 13. Although the specific third-party business application remains undisclosed, Samsung ascribes the breach to a flaw. Customers who made purchases between July 1, 2019, and June 30, 2020, are presumed to be impacted. Read more.
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
Source: The Hacker News
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. Read more.
Attacker – hidden in plain sight for nearly six months – targeting Python developers
For nearly half a year, a threat actor has been planting malicious Python packages into the open-source repository. Many of the malicious packages were camouflaged with names closely resembling popular legitimate Python packages. Consequently, they received thousands of downloads. Read more.
TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities
From July through October 2023, Proofpoint researchers observed TA402 engage in phishing campaigns that delivered a new initial access downloader dubbed IronWind. The downloader was followed by additional stages that consisted of downloaded shellcode. Read more.
Children’s tablet has malware and exposes kids’ data, researcher finds
The Dragon Touch KidzPad Y88X contains traces of a well-known malware, runs a version of Android that was released five years ago, comes pre-loaded with other software that’s considered malware and a “potentially unwanted program” because of “its history and extensive system level permissions to download whatever application it wants,” and includes an outdated version of an app store designed specifically for kids, according to Hancock’s report, which was released on Thursday and seen by TechCrunch ahead of its publication. Read more.
New ‘Octo’ malware tricks Android users into giving up bank details
Netsafe says it’s not aware of New Zealanders being tricked into giving up their bank details by a sophisticated new malware but it is possible they have without realising. The ABC reported that Russian cyber criminals have targeted hundreds of bank customers across the Tasman with a malware called Octo. Read more.
ALPHV/BlackCat Take Extortion Public
Source: TREND MICRO
ALPHV filed a complaint with the Security and Exchange Commission (SEC) stating their victim (MeridianLink) had not disclosed a breach within the 4 day requirement from the SEC. It appears this is an attempt to influence MeridianLink to pay the ransom sooner than later. This is an interesting spin on the traditional tactic used and one that could become more pronounced in 2024. Read more.
Phishing page with trivial anti-analysis features
Source: SANS Internet Storm Center
Anti-analysis features in phishing pages – especially in those, which threat actors send out as e-mail attachments – are nothing new[1,2]. Nevertheless, sometimes the way that these mechanisms are implemented may still leave one somewhat mystified. This has happened to me a few weeks ago when I found what appeared to be a generic phishing message in one of my spam traps. Read more.
CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector
This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure sector. It also identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur. Read more.
Blacksuit Ransomware linked to Royal Ransomware
Source: Cybersecurity INSIDERS
As per an advisory from the FBI and US-CISA, a forthcoming ransomware variant is set to enter the cybersecurity landscape, marking itself as a rebrand or offshoot of the Royal Ransomware gang, notorious for purportedly amassing around $275 million in 2022. Read more.
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
Source: SECURITY WEEK
Toyota Financial Services Europe & Africa this week confirmed being targeted in a cyberattack, which appears to have been conducted by a known ransomware group. The Toyota subsidiary said it recently detected unauthorized activity on systems in a limited number of locations. In response, it took some systems offline and they are gradually being brought back online. Read more.