Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Cyber Attack on MGM Hotel Group
Source: Cybersecurity INSIDERS
MGM Resorts has officially announced an ongoing investigation into a cybersecurity incident that has severely impacted various aspects of its operations, including company emails, reservation records, room access systems, and even casino slot machines. Read more.
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now
Source: The Hacker News
Tracked as CVE-2023-4863, the issue is a heap buffer overflow in the code that decodes the WebP image format (the libwebp library) and could result in arbitrary code execution or a crash. Read more.
Beware of Fake Browser Updates that Install Malware on Systems
Source: GBHackers
Rapid7 researchers recently identified a fake browser update lure that tricks users into running malicious binaries, which then use a new loader to deploy information stealers on compromised systems. Read more.
Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack
Source: The Hacker News
The flaw “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations,” Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News. Read more.
Scary New IT Admin Attack Exposes Your MFA Weakness
Source: KnowBe4
Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks. Read more.
Redfly: Espionage Actors Continue to Target Critical Infrastructure
Source: Symantec
Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian country for as long as six months earlier this year. The attackers managed to steal credentials and compromise multiple computers on the organization’s network. Read more.
Clop Gang Stole Data From Major North Carolina Hospitals
Source: Security Affairs
The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang stole personal data belonging to major North Carolina hospitals as part of the Progress MOVEit Transfer campaign. Read more.
Understanding the Cyber Kill Chain: A Comprehensive Guide to Cybersecurity
Source: Security Boulevard
The Cyber Kill Chain is a strategic framework that outlines the stages of a cyberattack, from the initial planning and reconnaissance to the final objective the attacker achieves. This concept borrows its name and inspiration from military terminology, where a “kill chain” refers to the sequence of events leading to the destruction of a target. Read more.
Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Source: The Hacker News
It all started with an SMS phishing attack aimed at its employees, in which the threat actors masqueraded as a member of the IT team and instructed the recipients to click on a seemingly legitimate link to address a payroll-related issue. Read more.
FBI Hacker USDoD Leaks Highly Sensitive TransUnion Data
Source: Security Affairs
A threat actor who goes by the moniker “USDoD” announced the leak of highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3 GB in size, contains sensitive PII of about 58,505 people from across the globe, including the Americas and Europe. Read more.
RedLine Stealer: A New Variant Surfaces, Deployed Using a Batch Script
Source: CYFIRMA
In this analysis, we delve into RedLine, a trending information stealer. This investigation reveals a novel strain of the malware that is being disseminated in the guise of a counterfeit document, packaged within a zip archive that houses a batch script file. Read more.
BlackCat ransomware hits Azure Storage with Sphynx encryptor
Source: BLEEPING COMPUTER
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets’ Azure cloud storage. Read more.
Covert Delivery of Cobalt Strike Beacon via Sophos Phishing Website
Source: CYBLE
Cyble Research & Intelligence Labs (CRIL) came across a typosquatted domain of Sophos, “sopbos[.]com”, using a VirusTotal search. The phishing site impersonates the Sophos Home installer. Read more.
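The Cyble item above hinges on a one-character typosquat (sopbos vs. sophos). As an added example, not Cyble's tooling or anything from the article, the script below shows the kind of check a defender can run over defanged indicators: refang the `[.]`/`hxxp://` notation, pull out the registrable label, and score it against a brand list with an edit distance that counts adjacent transpositions. The brand list, the distance threshold of 1, and every domain other than sopbos[.]com are assumptions constructed for this example.

```python
import re

# Constructed for this example: the defanged indicator from the Cyble write-up
# plus made-up domains that exercise the other verdicts.
SAMPLE_INDICATORS = [
    "sopbos[.]com",                    # from the article (defanged)
    "hxxps://www.sophos[.]com/home",   # constructed: the genuine brand label
    "sophos-home-install[.]net",       # constructed: brand embedded in a longer label
    "example[.]org",                   # constructed: unrelated
]
BRANDS = ["sophos"]  # assumption: the brand list you would maintain internally


def refang(indicator: str) -> str:
    """Convert defanged IOC notation (sopbos[.]com, hxxp://) into a plain hostname."""
    s = indicator.strip().lower()
    for defang in ("[.]", "(.)", "[dot]", "{.}"):
        s = s.replace(defang, ".")
    s = re.sub(r"^hxxps?://", "", s)   # hxxp:// is the common defanged scheme
    s = re.sub(r"^https?://", "", s)
    return s.split("/")[0].split(":")[0]


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'sopbos' for 'www.sopbos.com'.
    Simplification: assumes a single-label public suffix (no 'co.uk' handling)."""
    parts = [p for p in domain.split(".") if p]
    return parts[-2] if len(parts) >= 2 else domain


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment (restricted Damerau-Levenshtein) distance:
    insert, delete, substitute and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(indicator: str, brands=BRANDS, max_distance: int = 1) -> dict:
    """Score one indicator against the brand list and return a verdict."""
    domain = refang(indicator)
    label = registrable_label(domain)
    brand, distance = min(((b, osa_distance(label, b)) for b in brands),
                          key=lambda t: t[1])
    if distance == 0:
        verdict = "exact-brand"
    elif distance <= max_distance:
        verdict = "typosquat"
    elif any(b in label for b in brands):
        verdict = "brand-in-label"
    else:
        verdict = "unrelated"
    return {"indicator": indicator, "domain": domain, "label": label,
            "closest_brand": brand, "distance": distance, "verdict": verdict}


if __name__ == "__main__":
    for ioc in SAMPLE_INDICATORS:
        r = classify(ioc)
        print(f"{r['domain']:<28} {r['verdict']:<15} "
              f"(closest: {r['closest_brand']}, d={r['distance']})")
```

An exact-brand verdict only means the label equals the brand, not that the domain is legitimate; a distance-1 hit such as sopbos.com is the case worth routing to a blocklist or a hunt, and the brand-in-label verdict catches the longer lookalikes that an edit-distance threshold alone would miss.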
5 Password Cracking Techniques Used in Cyber Attacks
Source: Proofpoint
To help your organization significantly reduce its risk of data loss and account compromise, we’ve put together a list of some of the most common password cracking techniques, how they work, and tips for keeping your organization safe. Read more.