Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

The Growing Danger of Blind Eagle: One of Latin America’s Most Dangerous Cyber Criminal Groups Targets Colombia

Source: CHECK POINT

Check Point Research (CPR) has uncovered a series of ongoing, targeted cyber campaigns by Blind Eagle (APT-C-36)—one of Latin America’s most dangerous threat actors. Days after Microsoft released a fix for CVE-2024-43451, the group began employing a comparable technique involving harmful .url files, showing how attackers can turn security updates into weapons against their victims. Read more.

SideWinder targets the maritime and nuclear sectors with an updated toolset

Source: SECURE LIST

It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems. Based on our observation of the group’s activities, we presume they are constantly monitoring detections of their toolset by security solutions. Read more.

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

Source: The Hacker News

The Middle East and North Africa have become the target of a new campaign that has delivered a modified version of a known malware called AsyncRAT since September 2024. The campaign is estimated to have claimed approximately 900 victims since the fall of 2024, the Russian cybersecurity company added, indicating its widespread nature. Read more.

Malware of the Day – IPv6 Address Aliasing

Source: Active Counter Measures

The introduction of IPv6 brought with it a wealth of new features over its predecessor, IPv4. One of the most interesting of these features is its flexibility in address assignment, which allows for a concept known as IPv6 aliasing. Aliasing is essentially the ability for a host to assign multiple IPv6 addresses to itself, all of which can then be used interchangeably. Read more.

The Next Level: Typo DGAs Used in Malicious Redirection Chains

Source: UNIT 42

We have uncovered a new campaign in which an attacker leverages newly registered domains (NRDs) and introduces a new variant of DGAs potentially designed to avoid detection. We found this through our novel graph-intelligence-based pipeline. The system infers attack campaigns by correlating domain registrations with hosting infrastructure, passive DNS and WHOIS data. Read more.

Zen and the Art of Microcode Hacking

Source: Bug Hunters

We are releasing the full details of EntrySign, the AMD Zen microcode signature validation vulnerability which we initially disclosed last month. In this post, we first discuss the background of what microcode is, why microcode patches exist, why the integrity of microcode is important for security, and how AMD attempts to prevent tampering with microcode. Read more.

Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes

Source: Human Security

BADBOX 2.0, like its predecessor, begins with backdoors on low-cost consumer devices that enable threat actors to load fraud modules remotely. These devices communicate with command-and-control (C2) servers owned and operated by a series of distinct but cooperative threat actors. Read more.

Silk Typhoon targeting IT supply chain

Source: Microsoft

Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access. Read more.

Android zero-day vulnerabilities actively abused. Update as soon as you can

Source: Malwarebytes Labs

Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication; however, this doesn’t always mean that the patches are available for all devices immediately. Read more.

Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility

Source: The Register

Qilin – the “no regrets” ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women’s healthcare facility in the US. Read more.