Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Check Point Research Warns of New Backdoor used in Targeted Espionage Attacks in North Africa
Source: CHECK POINT
The new backdoor, dubbed “Stealth Soldier,” specializes in surveillance functions like file exfiltration, screen recording, keystroke logging, and stealing browser information. Read more.
MOVEit Transfer Critical Vulnerability (CVE-2023-34362) Exploited as a 0-day
Source: Fortinet
FortiGuard Labs is aware of a critical zero-day SQL injection vulnerability in the MOVEit Secure Managed File Transfer software (CVE-2023-34362) allegedly exploited by the Cl0p ransomware threat actor. High-profile government, finance, media, aviation, and healthcare organizations have reportedly been affected, with data exfiltrated and stolen. Read more.
“Caffeine” Phishing Service Domains, Patterns Still Heavily Used After Store Seemingly Defunct
Source: Cofense
The phishing activity set addressed in this report exclusively uses the domain registrar R01-RU. R01-RU is identified in various hacking forums as a “bulletproof” Russian registrar where threat actors can create and host a domain securely for malicious purposes, without having to worry about losing registered domains to fraud reports and shouldering the sunk cost that comes with it. Read more.
Management of DMARC control for email impersonation of domains in the .co TLD – part 1
Source: ISC SANS
There is a simple control to implement, and it is DMARC, a control whose purpose is to prevent the impersonation of domains through email. It requires, as a prerequisite, the implementation of two other controls together (SPF and DKIM). Read more.
Management of DMARC control for email impersonation of domains in the .co TLD – part 2
Source: ISC SANS
Syntax errors in the DMARC DNS record are relevant, as they constitute a risk that can be avoided even with automated tasks. In some companies there is awareness of how important security controls are. However, human error becomes a relevant factor of vulnerability. Read more.
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Source: Microsoft
Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations. Read more.
Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology
Source: Bitdefender
Bitdefender researchers used a recently announced industry-first app anomaly detection technology incorporated into Bitdefender Mobile Security to uncover a hidden malware campaign living undetected on mobile devices worldwide for more than six months. Read more.
Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
Source: SentinelLABS
SentinelLabs has been tracking a social engineering campaign by the North Korean APT group Kimsuky targeting experts in North Korean affairs, part of a broader campaign discussed in a recent NSA advisory. Read more.
Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4
Source: DARKReading
API keys allow developers to integrate OpenAI’s technologies — particularly its latest language model, GPT-4 — into their own applications. Often, however, developers forget their keys in their code, making account theft a matter of just a few clicks. Read more.
Barracuda urges customers to replace vulnerable appliances immediately
Source: CSO
A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring. Read more.
Asylum Ambuscade: crimeware or cyberespionage?
Source: welivesecurity
In 2022, and as highlighted in the Proofpoint publication, the group targeted government officials in several European countries bordering Ukraine. We assess that the goal of the attackers was to steal confidential information and webmail credentials from official government webmail portals. Read more.
Calm In The Storm: Reviewing Volt Typhoon
Source: HUNTRESS
In this blog, we will explore recent disclosures concerning an actor referred to as “Volt Typhoon,” assessed to be linked by multiple sources to the People’s Republic of China (PRC). Read more.