Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks

Source: The Hacker News

A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. Read more.

Third-party data breach affecting Canadian government could involve data from 1999

Source: The Register

The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked. Both third parties provided relocation services for public sector workers, and the government is currently analyzing a “significant volume of data” which could date back to 1999. Read more.

Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals

Source: The Hacker News

The ransomware strain known as Play is now being offered to other threat actors “as a service,” new evidence unearthed by Adlumin has revealed. Read more.

DarkGate and PikaBot Phishing Campaign is Using Qakbot Tactics

Source: Security Boulevard

The operators behind a phishing campaign that is distributing the DarkGate and PikaBot malware are using many of the techniques attributed to the notorious QakBot operation that was taken down by law enforcement agencies in August. Read more.

Citrix warns admins to kill NetScaler user sessions to block hackers

Citrix reminded admins today that patching their NetScaler appliances against the CVE-2023-4966 ‘Citrix Bleed’ vulnerability is not enough on its own to secure the devices against attacks. Besides applying the necessary security updates, they are also advised to wipe all previous user sessions and terminate all active ones. Read more.

Anonymous Sudan DDoS Attack Cloudflare Decoded

Source: Security Boulevard

Cloudflare swiftly acknowledged the DDoS attack, emphasizing that it exclusively impacted the www.cloudflare.com website, leaving its broader range of products and services unscathed. A Cloudflare spokesperson assured users that no customer data or services were compromised during the incident, noting that the website operates on separate infrastructure designed to prevent any collateral damage. Read more.

Malware dev says they can revive expired Google auth cookies

The Lumma information-stealer malware (aka ‘LummaC2’) is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Read more.

DPRK Hackers Masquerade as Tech Recruiters, Job Seekers

North Korean threat actors are posing as both job recruiters and job seekers on the Web, deceiving companies and applicants for financial gain and, possibly, to gain access to Western organizations. Read more.

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

Source: The Hacker News

The flaws were discovered by researchers at Blackwing Intelligence, a hardware and software product security and offensive research firm, who found the weaknesses in the fingerprint sensors from Goodix, Synaptics, and ELAN that are embedded in the affected devices. Read more.

Welltok Data Breach Impacted 8.5 Million Patients in the U.S.

Source: Security Affairs

The company disclosed a data breach that exposed the personal data of nearly 8.5 million patients (8,493,379) in the U.S. On July 26, 2023, threat actors hacked the company’s MOVEit Transfer server. Read more.

ClearFake Campaign Spreads macOS AMOS Information Stealer

Source: Security Affairs

Threat actors spread the Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of the ClearFake campaign. Read more.

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

A vulnerability researcher has published a detailed analysis of CVE-2023-46214 and has consolidated the steps required for exploitation into a Python script. If specific prerequisites are met, the script should open a remote command prompt. Read more.

Hackers Hijack Industrial Control System at US Water Utility

The Municipal Water Authority of Aliquippa in Pennsylvania has confirmed that hackers took control of a system associated with a booster station over the weekend, but said there was no risk to the water supply. Read more.

GE Servers Hacked and DARPA Military Info Leaked

Source: Cybersecurity INSIDERS

General Electric, commonly referred to as GE, a multinational corporation engaged in the fields of renewable energy, aerospace, and power, has fallen prey to a cyber attack resulting in the leakage of sensitive information related to DARPA Military operations. Read more.