InfoSec Articles (05/07/24 – 05/21/24)

Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization protected. Whether you're a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

AWS Route 53 DNS Resolver Firewall

Source: Malware Patrol

Amazon Route 53 is a Domain Name System (DNS) service that connects user requests to Internet applications running on AWS or on-premises. Among the features this service offers is protection through the Route 53 Resolver DNS Firewall. It allows the use of AWS Managed Domain Lists, as well as custom Domain Lists (external sources or your own). Read more.

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

Source: Security Intelligence

Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. Read more.

New Threat Insights Reveal That Cybercriminals Increasingly Target the Pharmacy Sector

Source: Proofpoint

At a taxonomy department level, “pharmacy” job roles advanced from the number 35 rank in the per-user attack index average in 2023 to the top spot in the per-user attack index average in Q1 2024. VIP job roles rank second, while finance services roles rank fourth. Read more.

New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates

Source: CYBLE

Antidot incorporates a range of malicious features, including overlay attacks and keylogging, allowing it to compromise devices and harvest sensitive information. Read more.

Payload Trends in Malicious OneNote Samples

Source: UNIT42

Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use multiple images to lure people into clicking or interacting with OneNote files. The interaction then executes an embedded malicious payload. Read more.

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Source: Microsoft Security

The observed activity begins with impersonation through voice phishing (vishing), followed by delivery of malicious tools, including remote monitoring and management (RMM) tools like ScreenConnect and NetSupport Manager, malware like Qakbot, Cobalt Strike, and ultimately Black Basta ransomware. Read more.

FBI seizes BreachForums hacking forum used to leak stolen data

Source: BLEEPING COMPUTER

The website is now displaying a message stating that the FBI has taken control over it and the backend data, indicating that law enforcement seized both the site's servers and domains. Read more.

Foxit PDF “Flawed Design” Exploitation

Source: CHECK POINT

Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, primarily targeting users of Foxit Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands. Check Point Research has observed variants of this exploit being actively utilized in the wild. Read more.

Hackers Use DNS Tunneling to Scan and Track Victims

Source: Infosecurity Magazine

“In this application of DNS tunneling, an attacker's malware embeds information on a specific user and that user's actions into a unique subdomain of a DNS query. This subdomain is the tunneling payload, and the DNS query for the fully qualified domain name (FQDN) uses an attacker-controlled domain,” the blog explained. Read more.
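The tracking technique quoted above leaves a recognizable footprint in resolver logs: many distinct, long, high-entropy subdomains queried under one registered domain. The following detector is an added example written for this roundup, not code from the Infosecurity Magazine or Palo Alto Networks articles. It assumes a simple constructed log format (timestamp, client IP, queried FQDN), approximates the registered domain as the last two labels (no Public Suffix List), and uses placeholder thresholds that a real deployment would tune against its own baseline.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not from the article). Assumed format, one
# query per line: "<timestamp> <client_ip> <queried_fqdn>".
# "tracker-placeholder.test" stands in for an attacker-controlled domain.
SAMPLE_LOG = """\
2024-05-14T10:00:01Z 10.0.0.5 www.example.com
2024-05-14T10:00:02Z 10.0.0.5 cdn.example.com
2024-05-14T10:00:03Z 10.0.0.5 api.example.com
2024-05-14T10:00:04Z 10.0.0.5 www.example.com
2024-05-14T10:00:05Z 10.0.0.7 mail.example.org
2024-05-14T10:00:06Z 10.0.0.9 3f9a1c7e2b4d6e8f0a1b2c3d4e5f6a7b.tracker-placeholder.test
2024-05-14T10:00:07Z 10.0.0.9 9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f.tracker-placeholder.test
2024-05-14T10:00:08Z 10.0.0.9 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d.tracker-placeholder.test
2024-05-14T10:00:09Z 10.0.0.9 b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7.tracker-placeholder.test
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payload labels score near log2(alphabet size)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_fqdn(fqdn):
    """Return (subdomain_labels, registered_domain).
    Assumption: the registered domain is the last two labels (no Public Suffix List)."""
    labels = fqdn.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def parse_log(text):
    """Parse the assumed three-column log format into (timestamp, client, fqdn) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            records.append(tuple(parts))
    return records


def score_domains(records, min_queries=3, min_unique_ratio=0.9,
                  min_entropy=3.5, min_label_len=24):
    """Aggregate per registered domain and flag tunneling-like patterns.
    Thresholds are placeholders; tune them against your own resolver baseline."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "clients": set(),
                                 "entropy_sum": 0.0, "len_sum": 0})
    for _ts, client, fqdn in records:
        subs, reg = split_fqdn(fqdn)
        s = stats[reg]
        s["queries"] += 1
        s["clients"].add(client)
        if subs:
            leftmost = subs[0]  # the label most likely to carry an encoded payload
            s["subs"].add(".".join(subs))
            s["entropy_sum"] += shannon_entropy(leftmost)
            s["len_sum"] += len(leftmost)

    findings = {}
    for reg, s in stats.items():
        n = s["queries"]
        if n < min_queries:
            continue  # too few queries to judge
        unique_ratio = len(s["subs"]) / n
        avg_entropy = s["entropy_sum"] / n
        avg_len = s["len_sum"] / n
        findings[reg] = {
            "queries": n,
            "clients": sorted(s["clients"]),
            "unique_subdomain_ratio": round(unique_ratio, 3),
            "avg_leftmost_entropy": round(avg_entropy, 3),
            "avg_leftmost_len": round(avg_len, 1),
            # all three signals must agree: many distinct, long, high-entropy labels
            "suspicious": (unique_ratio >= min_unique_ratio
                           and avg_entropy >= min_entropy
                           and avg_len >= min_label_len),
        }
    return findings


def flag_tunneling(log_text):
    """Convenience wrapper: sorted list of registered domains flagged as suspicious."""
    findings = score_domains(parse_log(log_text))
    return sorted(d for d, f in findings.items() if f["suspicious"])


if __name__ == "__main__":
    for domain, info in score_domains(parse_log(SAMPLE_LOG)).items():
        print(domain, info)
    print("flagged:", flag_tunneling(SAMPLE_LOG))
```

Requiring all three signals together matters: a busy CDN also shows a high unique-subdomain ratio, but its labels are short and low-entropy, so it is not flagged here. Pair the output with a Resolver DNS Firewall or sinkhole rule for the flagged domain and with a lookup of which clients issued the queries, which the `clients` field preserves.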

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

Source: welivesecurity

Among the victims are many hosting providers. The gang leverages its access to the hosting provider's infrastructure to install Ebury on all the servers that are being rented by that provider. As an experiment, we rented a virtual server from one of the compromised hosting providers: Ebury was installed on our server within seven days. Read more.
