Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
How Do I Reduce Security Tool Sprawl in My Environment?
Source: DARK Reading
To security teams, tool consolidation is an opportunity to be more efficient and effective. It also appeals to C-suite executives because it means working with fewer vendors and eliminating hardware, licensing, maintenance, and support costs. Read more.
Inactive, unmaintained Salesforce sites vulnerable to threat actors
Source: CSO
Improperly deactivated and unmaintained Salesforce sites are vulnerable to threat actors who can gain access to sensitive business data and personally identifiable information (PII) by simply changing the host header. Read more.
How to check for new exploits in real time? VulnCheck has an answer
Source: CSO
Cybersecurity professionals who need to track the latest vulnerability exploits now have a new tool designed to make their job easier, with the launch today of VulnCheck XDB, a database of exploits and proof of concepts hosted on Git repositories. Read more.
Shadow Data Concerns, Public Cloud Breaches Remain Sky-High: Here’s How Organizations Can Protect Themselves
Source: Cybersecurity INSIDERS
When developers and data scientists spin up new data stores at the click of a button to out innovate their competition, it’s easy for IT and security teams to lose track of where the data lands. This unknown or “shadow” data is a hot target for cyberadversaries because it is not governed or under the same security controls as the known production datastore. Read more.
Go Phish: How Attackers Utilize HTML Files to Evade Security
Source: Cybersecurity INSIDERS
One case in point: the Incident Response team from our company, Perception Point, recently discovered a new phishing campaign that uses HTML files to conceal malicious scripts, duping unsuspecting users into entering their credentials and divulging sensitive personal data. Read more.
Threat actors can exfiltrate data from Google Drive without leaving a trace
Source: HELP NET SECURITY
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. Read more.
Why organizations should adopt a cloud cybersecurity framework
Source: HELP NET SECURITY
The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set of security and governance challenges. Read more.
Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection
Source: DARK Reading
Malicious packages aren’t new — or particularly rare — in PyPI, but unlike the lot of them, fshec2 contained all of its malicious functionality inside of its compiled code, making it hard to spot as bad news. Read more.
Windows 11: Enforcing password resets for local group users
Source: TechRepublic
In Windows 11, administrators of local user accounts can force members to reset their respective passwords on their next login by making a simple change on a specific configuration screen. Navigating to this screen requires a few steps and may involve a less-than-intuitive flip of more than one switch, but doing so will force you users to reset their Windows 11 login passwords. Read more.
Machine Learning Applications in the Cybersecurity Space
Source: SecurityIntelligence
Among other things, machine learning is often used to identify anomalies by monitoring network behavior, avoiding accessing harmful websites and detecting previously unknown malware. These methods can also protect data in cloud environments. Intrusion detection, malware classification and network analysis are the main security uses of machine learning. Read more.
XFS bug in Linux kernel 6.3.3 coincides with SGI code comeback
11
Source: The Register
A bug in XFS in kernel 6.3.3 has shown up. It only corrupts metadata, rather than file data itself, but that’s still nasty and can stop a system from booting even if the root partition is not on XFS. The Fedora team investigated and traced it to a single line of code. So it’s been found and fixed, but as several commentators have observed, the bug shouldn’t really have been let through at all. Read more.
Qakbot: Retool, Reinfect, Recycle
Source: LUMEN
This botnet has adapted techniques to conceal its infrastructure in residential IP space and infected web servers, as opposed to hiding in a network of hosted virtual private servers (VPSs). Qakbot alternates its means of initial entry to stay ahead of tightening security policies and evolving defenses. Read more.
New Horabot campaign targets the Americas
Source: Talos
Talos discovered that the attacker in this campaign is using multiple hosts, including an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance, accessed through its public URL, to host the malicious files. Read more.
Supply Chain Attack Infiltrates Android Apps with Malicious SDK
Source: CloudSEK
CloudSEK SVigil team’s research found 101 compromised apps with SpinOK Android malware distributed as an advertisement SDK. More worryingly, 43 of these apps are still active on the Play Store, some with 5+ million downloads. Read more.