Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Atlassian patches critical Confluence zero-day exploited in attacks
Source: BLEEPING COMPUTER
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks. Read more.
‘Gay furry hackers’ brag of second NATO break-in, steal and leak more data
Source: The Register
NATO is “actively addressing” multiple IT security incidents after a hacktivist group claimed it once again breached some of the military alliance’s websites, this time stealing what’s claimed to be more than 3,000 files and 9GB of data. Read more.
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Source: Microsoft
This attack technique demonstrates an approach we’ve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Server. The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment. Read more.
LLMs lower the barrier for entry into cybercrime
Source: Help Net Security
Cybercriminals employ evolving attack methodologies designed to breach traditional perimeter security, including secure email gateways, according to Egress. Read more.
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
Source: The Hacker News
Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. Read more.
Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware
Source: Security Week
Mozilla issued a warning this week over malicious websites offering Thunderbird downloads after a ransomware group was caught using this technique to deliver malware. Read more.
Researcher Reveals New Techniques to Bypass Cloudflare’s Firewall and DDoS Protection
Source: The Hacker News
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. Read more.
APT Profile: Dark Pink APT Group
Source: SOCRadar
The Dark Pink APT Group is one such entity that has recently caught the attention of security researchers and organizations worldwide. With a series of sophisticated cyberattacks under their belt, this group has become a topic of concern for many. Read more.
Let’s dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix
Source: GROUP-IB
GoldDigger disguises itself as a fake Android application and can impersonate both a Vietnamese government portal and a local energy company. Its main goal is to steal banking credentials. Read more.
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
Source: Cisco TALOS
The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails. Read more.
Understanding Business Email Compromise (BEC) – A Guide
Source: AVERTIUM
In the world of cybersecurity, there are many different kinds of people and groups trying to carry out these attacks, from individual hackers to organized criminal organizations. To protect themselves effectively, organizations need to dive deep into how these attacks work, understand the methods these attackers use, and put strong defenses in place. Read more.
Blackbaud agrees to $49.5 million settlement for ransomware data breach
Source: BLEEPING COMPUTER
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. Read more.
Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
Source: The Hacker News
Targets of the campaign included organizations in the Israeli energy and defense sectors and entities loyal to Fatah, a Palestinian nationalist and social democratic political party headquartered in the West Bank region. Read more.
Spotify Cyberattack: Anonymous Sudan Asserts Involvement in Hour-Long Disruption
Source: The Cyber Express
The nature of the Spotify cyberattack is likely a Distributed Denial of Service (DDoS) attack, as Anonymous Sudan mentioned that it endured for a duration of one hour. Read more.