Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

Source: Zscaler

Threat actors strategically use words like “orders” and “invoices” in spam emails to encourage users to download malicious attachments that exploit CVE-2017-11882. They include a VBS file in the infection chain to add a layer of complexity to analysis and deobfuscation attempts, and they use the RegAsm.exe file to carry out malicious activity under the guise of a legitimate operation. Read more.

Malware leveraging public infrastructure like GitHub on the rise

Source: ReversingLabs

Here are two novel techniques deployed on GitHub that were discovered by ReversingLabs. The first abuses GitHub Gists, and the second issues commands through git commit messages. Read more.

BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement

Source: Infosecurity Magazine

Despite law enforcement efforts to take down the notorious ALPHV/BlackCat ransomware gang, the cybercriminals are not going down without a fight. Latest developments have shown that the site that was supposedly ‘taken down’ by the FBI has now been ‘unseized.’ Read more.

Behind the Scenes of Matveev’s Ransomware Empire: Tactics and Team

Source: The Hacker News

Matveev is said to lead a team of six penetration testers – 777, bobr.kurwa, krbtgt, shokoladniy_zayac, WhyNot, and dushnila – to execute the attacks. The group has a flat hierarchy, fostering better collaboration between the members. Read more.

Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa

Source: Symantec

The attackers used a variety of tools in this activity, which occurred in November 2023, including leveraging the MuddyC2Go infrastructure, which was recently discovered and documented by Deep Instinct. Researchers on Symantec’s Threat Hunter Team, part of Broadcom, found a MuddyC2Go PowerShell launcher in the activity we investigated. Read more.

Millions of Xfinity customers’ info, hashed passwords feared stolen in cyberattack

Source: The Register

Millions of Comcast Xfinity subscribers’ personal data – including potentially their usernames, hashed passwords, contact details, and secret security question-answers – was likely stolen by one or more miscreants exploiting Citrix Bleed in October. Read more.

Cybercrooks Leveraging Anti Automation Toolkit for Phishing Campaigns

Source: Trellix

Trellix Advanced Research Center has tracked the abuse of another such tool, one that has been in use for quite some time now. Predator, a tool designed to combat bots and web crawlers, can distinguish web requests originating from automated systems, bots, or web crawlers. Read more.