Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Microsoft Alerts More Users in Update to Midnight Blizzard Hack
Source: GBHackers
Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM. Read more.
Remote access giant TeamViewer says Russian spies hacked its corporate network
Source: TechCrunch
In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). Read more.
New InnoSetup Malware Created Upon Each Download Attempt
Source: ASEC
Unlike past malware which performed malicious behaviors immediately upon being executed, this malware displays an installer UI and malicious behaviors are executed upon clicking buttons during the installation process. Read more.
Polyfill Supply Chain Attack Hits Over 100k Websites
Source: SECURITY WEEK
On Tuesday, security researchers at Sansec and C/side confirmed that the cdn.polyfill.io domain is injecting malicious code into more than 100,000 websites that are using it. Read more.
Medusa Reborn: A New Compact Variant Discovered
Source: Cleafy
Analysing the evolution of Medusa samples over the past few months, it is clear that TAs aim to enhance the efficiency of the available features while simultaneously strengthening the botnet by refactoring the permissions required during the installation phase. Read more.
UAC-0184 Abuses Python in DLL Sideloading for XWORM Distribution
Source: CYBLE
CRIL recently observed a malware campaign targeting Ukraine using the Remote Access Trojan (RAT) known as XWorm. Upon investigation, it was found that this campaign is associated with the Threat Actor (TA) group UAC-0184. Read more.
New security loophole allows spying on internet users visiting websites and watching videos
Source: Tech Xplore
No malicious code is required to exploit this vulnerability, known as “SnailLoad,” and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected. Read more.
Cyber attack compromised Indonesia data centre, ransom sought
Source: Reuters
A cyber attacker compromised Indonesia’s national data centre, disrupting immigration checks at airports, and asked for an $8 million ransom, the country’s communications minister told Reuters on Monday. Read more.
CDK Global outage caused by BlackSuit ransomware attack
Source: BLEEPING COMPUTER
The negotiations come after the BlackSuit ransomware attack forced CDK to shut down its IT systems and data centers to prevent the attack’s spread, including its car dealership platform. The company tried restoring services on Wednesday but suffered a second cybersecurity incident, causing it to shut down all IT systems again. Read more.
Fickle Stealer Distributed via Multiple Attack Chain
Source: FORTINET
In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target. Because of this ambiguity, we decided to call it Fickle Stealer. Read more.