Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)
Source: CYBLE
This campaign utilizes a recently demonstrated proof-of-concept (PoC) that repurposes the JamPlus build utility to execute malicious scripts while evading detection. Read more.
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401
Source: FORTINET
Multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Read more.
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Source: Zscaler
BlindEagle has leveraged a version of BlotchyQuasar for attacks, which is heavily protected by several nested obfuscation layers. Read more.
Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords
Source: BLEEPING COMPUTER
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma information-stealing malware. Read more.
Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command
Source: TREND MICRO
Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening its targets, while BBTok is seen abusing MSBuild.exe to evade detection. Read more.
Mallox ransomware: in-depth analysis and evolution
Source: SECURE LIST
In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. Read more.
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
Source: JFrog
This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they’re removed from PyPI’s index by the original owner, a technique we’ve dubbed “Revival Hijack”. Read more.
Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network
Source: HACK READ
A hacker using the alias “HikkI-Chan” has leaked the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. Read more.
In plain sight: Malicious ads hiding in search results
Source: We Live Security
Malvertising campaigns typically involve threat actors buying top ad space from search engines to lure potential victims into clicking on their malicious ads; attackers have delivered ads imitating popular software such as Blender, Audacity, GIMP, and MSI Afterburner, to name a few. Read more.
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
Source: Microsoft
Citrine Sleet most commonly infects targets with the unique trojan malware it developed, AppleJeus, which collects information necessary to seize control of the targets’ cryptocurrency assets. Read more.