Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you're a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
AWS Route 53 DNS Resolver Firewall
Source: Malware Patrol
Amazon Route 53 is a Domain Name System (DNS) service that connects user requests to Internet applications running on AWS or on-premises. Among the features this service offers is protection via the Route 53 Resolver DNS Firewall, which filters outbound DNS queries from your VPCs. It allows the use of AWS Managed Domain Lists, as well as custom Domain Lists (from external sources or your own). Read more.
Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns
Source: Security Intelligence
Analysis of the malware revealed major updates to the string decryption and domain generation algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. Read more.
New Threat Insights Reveal That Cybercriminals Increasingly Target the Pharmacy Sector
Source: Proofpoint
At the taxonomy department level, "pharmacy" job roles advanced from rank 35 in the per-user attack index average in 2023 to the top spot in the per-user attack index average in Q1 2024. VIP job roles rank second, while financial services roles rank fourth. Read more.
New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates
Source: CYBLE
Antidot incorporates a range of malicious features, including overlay attacks and keylogging, allowing it to compromise devices and harvest sensitive information. Read more.
Payload Trends in Malicious OneNote Samples
Source: UNIT42
Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme in which attackers use one or more images to lure people into clicking or interacting with OneNote files. The interaction then executes an embedded malicious payload. Read more.
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Source: Microsoft Security
The observed activity begins with impersonation via voice phishing (vishing), followed by delivery of malicious tools, including remote monitoring and management (RMM) tools like ScreenConnect and NetSupport Manager, malware like Qakbot and Cobalt Strike, and ultimately Black Basta ransomware. Read more.
FBI seizes BreachForums hacking forum used to leak stolen data
Source: BLEEPING COMPUTER
The website is now displaying a message stating that the FBI has taken control of it and the backend data, indicating that law enforcement seized both the site's servers and its domains. Read more.
Foxit PDF “Flawed Design” Exploitation
Source: CHECK POINT
Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, primarily targeting users of Foxit Reader. This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands. Check Point Research has observed variants of this exploit being actively used in the wild. Read more.
Hackers Use DNS Tunneling to Scan and Track Victims
Source: Infosecurity Magazine
"In this application of DNS tunneling, an attacker's malware embeds information on a specific user and that user's actions into a unique subdomain of a DNS query. This subdomain is the tunneling payload, and the DNS query for the fully qualified domain name (FQDN) uses an attacker-controlled domain," the blog explained. Read more.
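The tunneling technique described above leaves a recognisable trace in resolver logs: one client sending many distinct, high-entropy subdomains under a single attacker-controlled domain, each queried once. The script below is an added example for this roundup (not code from Infosecurity Magazine, Unit 42, Malware Patrol, or AWS) that ties this item to the Route 53 Resolver DNS Firewall item earlier in the post: it flags such domains in a constructed set of query log lines, then builds a custom Domain List, a BLOCK rule and a VPC association through the boto3 route53resolver API. The log line layout, the `c2-example.net` domain, the VPC id and the list/rule names are all hypothetical; a dry-run client stands in for boto3 so the block runs offline.

```python
"""Spot DNS-tunneling beacons in resolver query logs, then push the attacker-controlled
domain into a custom Route 53 Resolver DNS Firewall domain list.

Added example, not code from any of the sources quoted in this roundup. Assumed
(hypothetical) layout of a log line: "<epoch> <client_ip> <qname> <qtype>".
"""
import math
from collections import defaultdict

# Constructed sample queries (not real traffic). 10.0.1.5 sends a per-victim id
# ("user42.win10") plus a rotating payload label under c2-example.net; 10.0.1.9
# queries several ordinary, low-entropy hostnames under cdn-example.org.
SAMPLE_LOG = """\
1715700001 10.0.1.5 www.example.com A
1715700002 10.0.1.5 3f9a1c7e2b.user42.win10.c2-example.net A
1715700003 10.0.1.7 mail.example.com MX
1715700004 10.0.1.5 8d2e0b44aa.user42.win10.c2-example.net A
1715700005 10.0.1.9 static.cdn-example.org A
1715700006 10.0.1.5 b71c9ff03e.user42.win10.c2-example.net A
1715700007 10.0.1.9 img.cdn-example.org A
1715700008 10.0.1.5 e04d5a9c11.user42.win10.c2-example.net A
1715700009 10.0.1.9 api.cdn-example.org A
"""


def shannon_entropy(label: str) -> float:
    """Bits per character of a DNS label; hex/base32 payloads score far above words."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Naive eTLD+1 (last two labels). Fine for the sample; use a Public Suffix List library in production."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def find_tunneling_domains(log_text: str, min_unique: int = 3, min_entropy: float = 2.5) -> dict:
    """Return {domain: {client, unique_subdomains, mean_entropy}} for domains where a
    single client queried at least min_unique distinct subdomains whose leftmost
    label has mean entropy >= min_entropy, i.e. data stuffed into the qname."""
    seen = defaultdict(lambda: defaultdict(set))  # domain -> client -> {qname}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        client, qname = parts[1], parts[2].lower()
        seen[registered_domain(qname)][client].add(qname)
    hits = {}
    for domain, clients in seen.items():
        for client, qnames in clients.items():
            labels = [q.split(".")[0] for q in qnames if q.count(".") >= 2]  # has a subdomain
            if len(labels) < min_unique:
                continue
            mean_ent = sum(shannon_entropy(label) for label in labels) / len(labels)
            if mean_ent >= min_entropy:
                hits[domain] = {"client": client, "unique_subdomains": len(labels),
                                "mean_entropy": round(mean_ent, 2)}
    return hits


class DryRunResolverClient:
    """Stand-in for boto3.client("route53resolver"): records every call and returns fake ids."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, method):
        def call(**kwargs):
            self.calls.append((method, kwargs))
            return {"FirewallDomainList": {"Id": "rslvr-fdl-dryrun"},
                    "FirewallRuleGroup": {"Id": "rslvr-frg-dryrun"}}
        return call


def block_in_route53(client, domains, vpc_id: str, name: str = "dns-tunnel-block") -> dict:
    """Custom domain list + BLOCK rule answering NXDOMAIN + VPC association, using the
    real route53resolver method names and parameters. Pass boto3.client("route53resolver")
    to apply for real, or DryRunResolverClient() to review the calls first."""
    # "example.com" matches only the apex; "*.example.com" matches the subdomains the
    # tunnel actually queries, so the list carries both forms.
    entries = sorted({e for d in domains for e in (d, f"*.{d}")})
    dl_id = client.create_firewall_domain_list(
        CreatorRequestId=f"{name}-list", Name=f"{name}-list")["FirewallDomainList"]["Id"]
    client.update_firewall_domains(FirewallDomainListId=dl_id, Operation="ADD", Domains=entries)
    rg_id = client.create_firewall_rule_group(
        CreatorRequestId=f"{name}-rg", Name=f"{name}-rg")["FirewallRuleGroup"]["Id"]
    client.create_firewall_rule(CreatorRequestId=f"{name}-rule", FirewallRuleGroupId=rg_id,
                                FirewallDomainListId=dl_id, Priority=100, Action="BLOCK",
                                BlockResponse="NXDOMAIN", Name=f"{name}-rule")
    # Association priority must lie in 101..9900 (lower value is evaluated first).
    client.associate_firewall_rule_group(CreatorRequestId=f"{name}-assoc", FirewallRuleGroupId=rg_id,
                                         VpcId=vpc_id, Priority=101, Name=f"{name}-assoc")
    return {"domain_list_id": dl_id, "rule_group_id": rg_id, "domains": entries}


if __name__ == "__main__":
    hits = find_tunneling_domains(SAMPLE_LOG)
    for domain, info in hits.items():
        print(f"tunnel candidate {domain} from {info['client']}: "
              f"{info['unique_subdomains']} unique subdomains, mean entropy {info['mean_entropy']}")
    client = DryRunResolverClient()  # swap for boto3.client("route53resolver") to apply
    print(block_in_route53(client, hits, vpc_id="vpc-0123456789abcdef0"))  # hypothetical VPC id
    for method, kwargs in client.calls:
        print(method, kwargs)
```

The three `cdn-example.org` hostnames are not flagged because `static`, `img` and `api` have low entropy, while the four hex labels under `c2-example.net` average above 3 bits per character; tune `min_unique` and `min_entropy` against your own baseline before blocking anything, and prefer a BLOCK rule with `BlockResponse="NXDOMAIN"` so the implant cannot distinguish the firewall from a dead domain.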
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
Source: welivesecurity
Among the victims are many hosting providers. The gang leverages its access to the hosting provider's infrastructure to install Ebury on all the servers being rented out by that provider. As an experiment, we rented a virtual server from one of the compromised hosting providers: Ebury was installed on our server within seven days. Read more.