Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
Source: The Hacker News
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. Read more.
Third-party data breach affecting Canadian government could involve data from 1999
Source: The Register
The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked. The third parties both provided relocation services for public sector workers and the government is currently analyzing a “significant volume of data” which could date back to 1999. Read more.
Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
Source: The Hacker News
The ransomware strain known as Play is now being offered to other threat actors “as a service,” new evidence unearthed by Adlumin has revealed. Read more.
DarkGate and PikaBot Phishing Campaign is Using Qakbot Tactics
Source: Security Boulevard
The operators behind a phishing campaign that is distributing the DarkGate and PikaBot malware are using many of the techniques attributed to the notorious QakBot operation that was taken down by law enforcement agencies in August. Read more.
Citrix warns admins to kill NetScaler user sessions to block hackers
Source: BLEEPING COMPUTER
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 ‘Citrix Bleed’ vulnerability to secure vulnerable devices against attacks. Besides applying the necessary security updates, they’re also advised to wipe all previous user sessions and terminate all active ones. Read more.
Anonymous Sudan DDoS Attack Cloudflare Decoded
Source: Security Boulevard
Cloudflare swiftly acknowledged the DDoS attack, emphasizing that it exclusively impacted the www.cloudflare.com website, leaving their broader range of products and services unscathed. A Cloudflare spokesperson assured users that no customer data or services were compromised during the incident. This emphasizes that the website operates on separate infrastructure designed to prevent any collateral damage. Read more.
Malware dev says they can revive expired Google auth cookies
Source: BLEEPING COMPUTER
The Lumma information-stealer malware (aka ‘LummaC2’) is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Read more.
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
Source: DARK READING
North Korean threat actors are posing as both job recruiters and job seekers on the Web, deceiving companies and applicants for financial gain and, possibly, to gain access to Western organizations. Read more.
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
Source: The Hacker News
The flaws were discovered by researchers at Blackwing Intelligence, a hardware and software product security and offensive research firm, who found the weaknesses in the Goodix, Synaptics, and ELAN fingerprint sensors embedded in the devices. Read more.
Welltok Data Breach Impacted 8.5 Million Patients in the U.S.
Source: Security Affairs
The company disclosed a data breach that exposed the personal data of nearly 8.5 million patients (8,493,379) in the U.S. On July 26, 2023, threat actors hacked the company’s MOVEit Transfer server. Read more.
ClearFake Campaign Spreads macOS AMOS Information Stealer
Source: Security Affairs
Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of the ClearFake campaign. Read more.
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
Source: HELP NET SECURITY
A vulnerability researcher has published a detailed analysis of CVE-2023-46214 and has consolidated the steps required for exploitation into a Python script. If specific prerequisites are met, the script should open a remote command prompt. Read more.
Hackers Hijack Industrial Control System at US Water Utility
Source: SECURITY WEEK
The Municipal Water Authority of Aliquippa in Pennsylvania has confirmed that hackers took control of a system associated with a booster station over the weekend, but said there was no risk to the water supply. Read more.
GE servers hacked and DARPA Military Info Leaked
Source: Cybersecurity INSIDERS
General Electric, commonly referred to as GE, a multinational corporation engaged in the fields of renewable energy, aerospace, and power, has fallen prey to a cyber attack resulting in the leakage of sensitive information related to DARPA Military operations. Read more.