Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources

Source: Aqua

These vulnerabilities could have impacted any organization in the world that has ever used any of these services. In this blog, we thoroughly explain the “Shadow Resource” attack vector, which may lead to resource squatting, and the “Bucket Monopoly” technique that dramatically increases the success rate of an attacker. Read more.

Vulnerability in Windows Driver Leads to System Crashes

Source: Infosecurity Magazine

This issue, identified by Fortra cybersecurity researcher Ricardo Narvaja, highlights a flaw that could allow an unprivileged user to cause a system crash, resulting in a Blue Screen of Death (BSOD). Read more.
A Dive into Earth Baku’s Latest Campaign

Source: Trend Micro

The group uses public-facing applications such as IIS servers as entry points, deploying advanced malware toolsets such as the Godzilla webshell, StealthVector, StealthReacher, and SneakCross. Read more.

Unmasking the Overlap Between Golddigger and Gigabud Android Malware

Source: Cyble

Gigabud is now using sophisticated phishing tactics, distributing its malware by disguising it as legitimate airline applications. These fake apps are being circulated through phishing sites that closely mimic the official Google Play Store, aiming to deceive unsuspecting users. Read more.

The i-Soon-Leaks: Industrialization of Cyber Espionage

Source: BfV

The internal documents show the extent of cooperation between the Chinese cybersecurity company i-Soon and the Chinese government and intelligence services. In four consecutive reports, BfV examines the leak in detail and describes the level of industrialization of cyber espionage activities by privately organized companies that carry out cyber-attacks for state entities. Read more.

Double Trouble: Latrodectus and ACR Stealer observed spreading via Google Authenticator Phishing Site

Source: Cyble

The phishing site’s primary goal is to deceive users into downloading a file that purports to be Google Authenticator. In reality, this file is a malicious application designed to install additional malicious software on the victim’s system. The malicious file drops two distinct types of malware: Latrodectus and ACR Stealer. Read more.

Botnet 7777: Are You Betting on a Compromised Router?

Source: Team Cymru

Team Cymru identifies a potential expansion of the Quad7 threat operator’s modus operandi to include a second tranche of bots, characterized by an open port 63256. The port 63256 botnet appears to be composed mainly of infected Asus routers. Read more.

Thousands of Devices Wiped Remotely Following Mobile Guardian Hack

Source: Security Week

According to the company, which specializes in MDM solutions for the education sector, it detected unauthorized access to its platform on August 4. In response to the intrusion, servers were shut down to contain the incident and prevent further disruption. The incident involved unauthorized access to iOS and Chrome OS devices enrolled in the Mobile Guardian platform. Read more.

Google warns of an actively exploited Android kernel flaw

Source: Security Affairs

Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting the Android kernel. The IT giant is aware that the vulnerability has been actively exploited in the wild. The company did not share details of the attacks exploiting this vulnerability. The vulnerability is a remote code execution flaw affecting the kernel. Read more.

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Source: Cisco Talos

The activity conducted on the victim endpoint matches the hacking group APT41, alleged by the U.S. government to be comprised of Chinese nationals. Talos assesses with medium confidence that the combined usage of malware, open-source tools and projects, procedures and post-compromise activity matches this group’s usual methods of operation. Read more.