Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Tyson Ransomware
Source: EnigmaSoft
The Tyson Ransomware infiltrates systems, encrypts data, and holds files hostage, demanding payment for decryption. Once installed on a device, it immediately starts locking down files and appends a “.tyson” extension to encrypted files.
Undetected Android Spyware Targeting Individuals In South Korea
Source: CYBLE
The spyware is capable of exfiltrating sensitive information from an infected device, including SMS messages, contact lists, images, and videos. The stolen data, stored openly in the S3 bucket, suggests poor operational security on the operator's side and could lead to unintended leaks of the victims' sensitive information.
How RansomHub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
Source: TREND MICRO
The RansomHub ransomware’s attack chain includes exploiting the Zerologon vulnerability (CVE-2020-1472). Left unpatched, it can enable threat actors to take control of an entire network without needing to authenticate.
The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
Source: Security Affairs
Microsoft’s Threat Intelligence team revealed that a financially motivated threat actor, tracked as Vanilla Tempest (formerly DEV-0832), is using the INC ransomware for the first time to target the U.S. healthcare sector.
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Source: UNIT 42
Splinter is developed in Rust, a relatively new programming language that’s recommended for developing memory-safe software. However, Rust binaries carry densely layered runtime code, which can account for up to 99% of a program’s code. This density makes analysis a real challenge for malware reverse engineers.
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
Source: Google Cloud
A key feature of UNC1860 is its collection of specialized tooling and passive backdoors, which Mandiant believes supports several objectives: its role as a probable initial access provider, and its ability to gain persistent access to high-priority networks, such as those in the government and telecommunications space throughout the Middle East.
Walmart customers scammed via fake shopping lists, threatened with arrest
Source: Malwarebytes LABS
Case in point: a malicious ad campaign is abusing Walmart Lists, a kind of virtual shopping list that customers can share with family and friends, by embedding rogue customer service phone numbers in pages carrying the appearance and branding of the official Walmart site.
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
Source: TREND MICRO
Threat actor Earth Baxia has targeted a government organization in Taiwan – and potentially other countries in the Asia-Pacific (APAC) region – using spear-phishing emails and the GeoServer vulnerability CVE-2024-36401.
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
Source: Google Cloud
UNC2970 targets victims under the guise of job openings, masquerading as a recruiter for prominent companies. Mandiant has observed UNC2970 copy and tailor job descriptions to fit their respective targets.
Malware locks browser in kiosk mode to steal Google credentials
Source: BLEEPING COMPUTER
Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the Esc and F11 keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer, at which point the credentials can be harvested from the browser’s saved-password store.