Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack
Source: SECURITY WEEK
AT&T on Friday said almost all of its wireless subscribers were exposed in a massive hack that occurred between April 14 and April 25, 2024, in which a hacker exfiltrated files containing “records of customer call and text interactions” from approximately May 1 to October 31, 2022, as well as from January 2, 2023. Read more.
Disney’s Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data
Source: HACK READ
A self-proclaimed hacktivist group named NullBulge, aiming to “protect artists’ rights and ensure fair compensation for their work,” claims to have breached Disney and leaked 1.1 TiB (1.2 TB) of the company’s internal Slack infrastructure. These claims were posted on the notorious cybercrime and hacker platform Breach Forums on July 12, 2024. Read more.
Malware that is ‘not ransomware’ wormed its way through Fujitsu Japan’s systems
Source: The Register
Fujitsu’s description of the unnamed malware made it sound as though it was wormable. After infecting the first machine, it later spread to 48 other business computers, all localized to its internal Japan network. Read more.
Microsoft Employees’ Data Leaked Online Via Third-Party Data Breach | Exclusive!
Source: Cyber Press
The Cyber Press Research Team uncovered a leaked file exposing the personal and professional information of 2,073 Microsoft employees, obtained through a data breach at one of Microsoft’s third-party vendors. A threat actor named @888, who is actively leaking data on underground forums, posted the Microsoft employees’ data today and claimed it came from a third-party breach. Read more.
Ransomware attack on blood-testing service puts lives in danger in South Africa
Source: Bitdefender
On June 22, the BlackSuit ransomware group hit NHLS, leaving it unable to process millions of blood tests. This means serious conditions have been left undiagnosed and lives endangered. The affected tests included screening for diseases like tuberculosis and HIV/AIDS, as well as for the mpox (also known as monkeypox) outbreak that is currently impacting parts of Africa. Read more.
People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
Source: CISA
Notably, APT40 is able to rapidly adapt public exploit proof-of-concept (PoC) code for newly disclosed vulnerabilities and immediately use it against target networks that run the affected software. Read more.
Decrypted: DoNex Ransomware and its Predecessors
Source: DECODED avast.io
The DoNex ransomware has been rebranded several times. The first brand, called Muse, appeared in April 2022. Multiple evolutions followed, resulting in the final version of the ransomware, called DoNex. Read more.
Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions
Source: BlackBerry
Coyote is a .NET banking Trojan that has been observed targeting Brazilian financial institutions, primarily banks. Its execution chain clearly distinguishes it from other banking Trojans. First identified by researchers in February 2024, Coyote got its name because it abuses Squirrel, a legitimate framework for installing and updating Windows applications. Read more.
Exploring Compiled V8 JavaScript Usage in Malware
Source: CHECK POINT RESEARCH
In recent months, CPR has been investigating the use of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature of V8, Google’s JavaScript engine, that compiles JavaScript into low-level bytecode which can then be loaded and executed without the original source. The technique helps attackers evade static detection and hide their source code, making the payload almost impossible to analyze statically. Read more.
Distribution of AsyncRAT Disguised as Ebook
Source: ASEC
The compressed file disguised as an ebook contains a malicious LNK file bearing a compressed-file icon, a text file containing a malicious PowerShell script, additional compressed files disguised with a video file extension, and a benign ebook file. The LNK file carries malicious commands that read RM.TXT, the text file holding the PowerShell script, and execute it. Read more.