Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Massive phishing campaign exploits QR codes to steal Microsoft credentials
Source: cybernews
A major unnamed energy company in the US has received over 1000 emails with malicious QR codes. It’s the largest victim of a massive phishing campaign targeting energy, manufacturing, insurance, technology, and financial services companies since May. Read more.
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
Source: The Hacker News
The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, Midnight Blizzard, and The Dukes). Read more.
Vulnerability Comparison: Android vs. iOS in the Face of Cyber Attacks
Source: Cybersecurity INSIDERS
However, the debate over which operating system is more vulnerable to cyber-attacks has been ongoing. In this article, we will delve into the factors that contribute to the security of Android and iOS, exploring their strengths and weaknesses in the realm of cyber threats. Read more.
Hackers use VPN provider’s code certificate to sign malware
Source: BLEEPING COMPUTER
The China-aligned APT (advanced persistent threat) group known as ‘Bronze Starlight’ was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider. Read more.
Microsoft DNS boo-boo breaks Hotmail for users around the globe
Source: The Register
Someone at Microsoft has some explaining to do after a messed-up DNS record caused emails sent from accounts using Microsoft’s Outlook Hotmail service to be rejected and directed to spam folders starting on Thursday. Read more.
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Source: Malwarebytes LABS
Fast forward to 2023, another 3 years have gone by and this campaign is still going as if nothing has happened. The tactics and techniques are very similar, but the infrastructure is now more robust than before to defeat potential takedown attempts. Read more.
The Weaponization of AI Demands More Robust Cybersecurity Training
Source: Security Boulevard
Despite all the headlines about how AI will make human workers redundant, well-trained employees are only becoming more essential for cybersecurity. As cybercriminals increasingly use AI in social engineering attacks, cybersecurity awareness training (CSAT) has never been more critical for keeping companies safe. Read more.
Mass-spreading campaign targeting Zimbra users
Source: welivesecurity
According to ESET telemetry, the greatest number of targets are located in Poland, followed by Ecuador and Italy. Target organizations vary: the adversaries do not focus on any specific vertical, and the only thing connecting the victims is that they use Zimbra. Read more.
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Source: sysdig
The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command and control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence. To generate income, the attacker deployed both cryptomining and Russian-affiliated proxyjacking scripts. Read more.
LinkedIn Accounts Under Attack
Source: Cyberint
This campaign is currently affecting individuals worldwide, resulting in a significant number of victims losing access to their accounts. Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts. Read more.
Patch now! Citrix Sharefile joins the list of actively exploited file sharing software
Source: Malwarebytes LABS
According to the Citrix security advisory, this vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. Customers using ShareFile-managed storage zones in the cloud do not need to take any action. Read more.
What Is Next-Generation Antivirus (NGAV) and How Does It Work?
Source: Heimdal
As the name implies, Next-Generation Antivirus (NGAV) is the next step in antivirus software. This article explains how this solution differs from traditional AV and from EDR, how it works, and how it could benefit you. Read more.
Cyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic
Source: GBHackers
Hiding malicious traffic on cloud storage platforms is not an entirely new concept, and threat actors are increasingly shifting toward it. Security researchers at Insikt recently identified that hackers actively abuse popular and trusted cloud platforms to hide malicious traffic. Read more.
Critical Security Update for Magento Open Source & Adobe Commerce
Source: SUCURi Blog
Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read. Read more.