InfoSec Articles (08/27/24 – 09/10/24)

Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization protected. Whether you're a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)

Source: CYBLE

This campaign uses a recently demonstrated proof-of-concept (PoC) that repurposes the JamPlus build utility to execute malicious scripts while evading detection. Read more.

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401

Source: FORTINET

Multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation, because property names are unsafely evaluated as XPath expressions. Read more.

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar

Source: Zscaler

BlindEagle has leveraged a version of BlotchyQuasar for attacks, which is heavily protected by multiple nested obfuscation layers. Read more.

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords

Source: BLEEPING COMPUTER

Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. Read more.

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Source: TREND MICRO

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio's latest variant suggests the gang behind it is broadening its targets, while BBTok is seen abusing MSBuild.exe to evade detection. Read more.

Mallox ransomware: in-depth analysis and evolution

Source: SECURE LIST

In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was looking for new partners. Read more.

Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk

Source: JFrog

This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from PyPI's index by the original owner; a technique we've dubbed "Revival Hijack". Read more.

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network

Source: HACK READ

A hacker using the alias "HikkI-Chan" has leaked the personal details of over 390 million VK users (specifically, 390,425,719) on the infamous cybercrime and hacker platform Breach Forums. Read more.

In plain sight: Malicious ads hiding in search results

Source: We Live Security

Malvertising campaigns typically involve threat actors buying top ad space from search engines to lure potential victims into clicking on their malicious ads; attackers have delivered ads imitating popular software such as Blender, Audacity, GIMP, and MSI Afterburner, to name a few. Read more.

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Source: Microsoft

Citrine Sleet most commonly infects targets with the unique trojan malware it developed, AppleJeus, which collects information necessary to seize control of the targets' cryptocurrency assets. Read more.
