InfoSec Articles (06/04/24 – 06/18/24)

Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you're a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Source: Krebs on Security

A 22-year-old man from the UK arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. Read more.

New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems

Source: BLEEPING COMPUTER

A new speculative execution attack named “TIKTAG” targets ARM’s Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. Read more.

Dipping into Danger: The WARMCOOKIE backdoor

Source: Elastic Security Labs

WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads. Each sample is compiled with a hard-coded C2 IP address and RC4 key. Read more.

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Source: CISCO TALOS

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, using GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.” Read more.

Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

Source: Symantec

The Cardinal cybercrime group (aka Storm-1811, UNC4393), which operates the Black Basta ransomware, may have been exploiting a recently patched Windows privilege escalation vulnerability as a zero-day. Read more.

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Source: SECURELIST

Biometric terminals are quite an intriguing target for a pentester. Vulnerabilities in these devices, positioned at the nexus of the physical and network perimeters, pose risks that should be considered when analyzing the security of both perimeters. Read more.

SSLoad Malware Employs MSI Installer To Kick-Start Delivery Chain

Source: GBHackers

Malware distributors use MSI installers because Windows already trusts them to run with administrative rights, bypassing security controls. For this reason, MSI files are a convenient means of spreading ransomware, spyware, and other malware that can be passed off as genuine software installations. Read more.

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage

Source: CYBLE

Cyble Research and Intelligence Labs (CRIL) recently came across a campaign employing Windows shortcut (LNK) files associated with the Mustang Panda APT group. Read more.

New Agent Tesla Campaign Targeting Spanish-Speaking People

Source: FORTINET

In-depth research on this campaign reveals that it also leverages multiple techniques to deliver the Agent Tesla core module, such as using known MS Office vulnerabilities, JavaScript code, PowerShell code, fileless modules, and more, to protect itself from being analyzed by security researchers. Read more.

Hundreds of Websites Targeted by Fake Google Chrome Update Pop-Ups

Source: SUCURI Blog

The infection process for this new fake browser update campaign begins with the injection of malicious code into vulnerable websites. Once the website is compromised, visitors are presented with the following misleading popup message a few seconds after the webpage loads. Read more.
