Google has patched a zero-day vulnerability in its Chrome browser that was being actively exploited in spyware attacks. The vulnerability, CVE-2023-5217, is a heap buffer overflow in the VP8 encoder of the open-source libvpx video codec library. Two other high-severity flaws were also fixed in this update: a use-after-free flaw in Passwords (CVE-2023-5186) and a use-after-free bug in Extensions (CVE-2023-5187). #Google #Chrome #ZeroDay #Spyware #Vulnerability
https://www.infosecurity-magazine.com/news/google-patches-chrome-zero-day-1/
US and Japan issue warning on Chinese router attacks. #cybersecurity #China #routerattacks
US and Japan urge implementation of zero trust models to counter Chinese cyber-espionage. #zerotrust #cybersecurity #China
Chinese BlackTech group targets government, industrial, technology, and media sectors in US and Japan. #cyberattacks #BlackTech #China
BlackTech actors exploit routers to gain access to networks and pivot to headquarters. #cybersecurity #BlackTech #routerexploitation
Various router brands, including Cisco, targeted by BlackTech group using customized firmware. #routerthreats #Cisco #BlackTech
Stolen code-signing certificates used by BlackTech to evade detection. #cybersecurity #BlackTech #codetampering
Multinational corporations advised to review subsidiary connections and consider implementing Zero Trust models. #zerotrust #cybersecurity #corporatesecurity
https://www.infosecurity-magazine.com/news/us-and-japan-warn-of-chinese/
Summary: OPNsense firewall has multiple flaws that allow attackers to exploit cross-site scripting (XSS) vulnerabilities and escalate privileges.
Hashtags: #cybersecurity #cybersecuritynews #firewallflaw #OPNsense
The 'Ransomed.Vc' group, known for its activities on the Dark Web, is targeting Japanese telecommunications giant NTT Docomo. The group demanded a ransom of $1,015,000 from NTT Docomo after Sony refused to meet their demands, leading to the release of stolen data. This raises concerns about a new wave of cyberattacks targeting Japan. Ransomed.Vc started as an underground forum but has evolved into a formidable ransomware syndicate that uses GDPR laws to coerce victims. The group also has an affiliate program and appears to be interconnected with other cybercriminal activities. Proactive surveillance is crucial to protect against evolving cyber threats. #cybersecurity #ransomware #datasecurity #cyberattacks
Summary:
1. BlackTech APT hackers have been attacking various sectors since 2010, including government, factories, technology, media, electronics, phones, and the military.
2. They use custom-made malicious software, tools, and techniques to mask their activities and evade detection.
3. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Japan National Police Agency (NPA) have demonstrated the capabilities of BlackTech in modifying router firmware and exploiting routers' domain-trust relationships.
4. BlackTech actors continuously update their tools and steal code-signing certificates to make their malware appear legitimate.
5. Their current campaign targets international subsidiaries of U.S. and Japanese companies.
6. They exploit trusted network relationships to expand their access in target networks.
7. Mitigation steps to combat BlackTech's malicious activity include monitoring unusual traffic and unauthorized downloads, as well as patching vulnerabilities.
Hashtags: #BlackTech #cyberattack #cybersecurity #databreach
https://cybersecuritynews.com/blacktech-apt-hackers-routers/
Summary:
- ZenRAT malware has been discovered, which is being spread through fake Bitwarden installation packages.
- The malware primarily targets Windows users and redirects non-Windows users to benign web pages.
- The method of distribution is unknown, but it could include SEO Poisoning, adware bundles, or email.
- ZenRAT is a modular Remote Access Trojan with information-stealing capabilities.
- The malware is disguised within a standard Bitwarden installation package.
- The malicious website redirects non-Windows users to a cloned opensource.com article.
- Windows users attempting to download Bitwarden for Linux or macOS are redirected to the genuine Bitwarden site.
- The malicious installer is hosted on the domain crazygameis[.]com and claims to be "Speccy" with an invalid digital signature.
- ZenRAT gathers various system information and sends it to its command and control server.
- The C2 protocol used by ZenRAT involves client-side and server-side communication.
- The malware exhibits various command IDs, including "Send Logs" and "Send Module Results."
- ZenRAT is modular and extensible, but other modules have not been observed in the wild.
Hashtags: #ZenRAT #malware #Bitwarden #Windows #cybersecurity
HiddenGh0st malware attacks MS-SQL & MySQL servers. It uses a hidden rootkit to avoid detection and targets poorly managed servers. The malware can steal QQ Messenger data and collects various information from the infected system. To protect against this malware, defend servers with strong passwords and updated security tools. #cybersecurity #malware
Hacker stole $200 million in cryptocurrency from Mixin Network. #cryptocurrency #Hacks #CyberSecurityNews
ShadowSyndicate is a new Ransomware-as-a-Service (RaaS) provider responsible for multiple ransomware attacks. The threat actor uses various ransomware families and is linked to other ransomware groups. They employ toolkits like Cobalt Strike, IcedID, and Sliver for their attacks. A connection was found between their infrastructure and Cl0p/Truebot. There is no confirmation of whether they are an affiliate or an initial access broker. The threat actor uses a single SSH fingerprint across its servers, with multiple server owners involved. Other malware families like Ryuk, Conti, and Trickbot may be involved. Group-IB has published a report detailing their infrastructure and activities. Hashtags: #ShadowSyndicate #Ransomware-as-a-Service #Cybersecurity #Malware
https://cybersecuritynews.com/shadowsyndicate-raas-provider/
Maltego Technologies has launched SSL Certificate Transparency Transforms for increased vigilance against cyber threats. The tool allows real-time retrieval and analysis of SSL certificates, aiding in the identification of potentially malicious activity. Cert Spotter serves as an alert system for SSL/TLS certificates, providing early warnings for online security. The SSL Certificate Transparency Transforms help identify compromised DNS, abandoned sub-domains, and certificates issued against corporate policies. Access to the tool is available through Maltego's Community or Commercial Hub. #cybersecurity #SSL
Xenomorph Android banking malware attacks 30+ US banks and Spanish institutions, targeting victims through phishing web pages that trick them into installing malicious APKs. The malware can manipulate SMS and gain full control of the device. It uses overlays as its primary method of obtaining sensitive information. Several modules support Samsung and Xiaomi devices, and new commands have been added to mimic other applications. The malware has also been merged with the RisePro stealer and uses LummaC2. Communication with the C2 has been updated. Protect yourself from vulnerabilities using Patch Manager Plus. #AndroidMalware #CyberSecurity #CyberSecurityNews
https://cybersecuritynews.com/xenomorph-android-banking-malware/
Researchers have discovered an exploit chain that allows threat actors to install spyware on affected iPhone devices. Apple has released security advisories recommending users install patches for the vulnerabilities. The exploit chain involves a Man-in-the-Middle (MITM) attack and can be delivered through insecure websites. The 0-click exploit does not require any user interaction. Android devices are also affected through different methods. Patch Manager Plus can help users protect themselves from vulnerabilities. #cyberattack #iphone #vulnerability
Ransomware group claims to have hacked all of Sony's systems. Sony Group Corporation is a multinational corporation headquartered in Tokyo, Japan. The validity of the data breach is uncertain, as Sony has not responded. The group plans to sell the data since Sony refused to pay the ransom. Sony's customers may worry about data protection. Sony joins a growing list of entertainment companies targeted by data breaches. Cybersecurity experts advise against fulfilling ransom demands. Recommendations include blocking common forms of entry and creating offline backups. Managed endpoint solutions can help prevent data breaches. #Ransomware #Sony #CyberAttack #DataBreach #CyberSecurity
Nigerian pleads guilty in US to million-dollar BEC scheme role. #Cybercrime #NigerianFraud #BECscheme
https://www.securityweek.com/nigerian-pleads-guilty-in-us-to-million-dollar-bec-scheme-role/
Stealthy APT Gelsemium observed targeting Southeast Asian government for persistence and intelligence collection. #Cyberwarfare #Cybercrime #Malware #APT
APT group Gelsemium deploys web shells, backdoors, and other tools to establish persistence and deliver malware. #SecurityOperations #ThreatIntelligence #MalwareDelivery
Gelsemium uses web shells like reGeorg, China Chopper, and AspxSpy, along with privilege escalation tools, to carry out attacks. #Webshells #PrivilegeEscalation
Malware such as OwlProxy, SessionManager, and Cobalt Strike Beacon is deployed to ensure persistence in the compromised environment. #Persistence #Malware
Gelsemium APT group targets education, government, and religious organizations in East Asia and the Middle East. #APTGroup #TargetedAttacks
https://www.securityweek.com/stealthy-apt-gelsemium-seen-targeting-southeast-asian-government/
Voting equipment giants collaborate with cybersecurity experts for security and stress testing of election systems. The initiative aims to combat misinformation and enhance transparency in the voting process. #ElectionSecurity #Cybersecurity
Major US voting equipment manufacturers voluntarily open their systems to third-party scrutiny for vulnerability disclosure. The goal is to uncover potential vulnerabilities and instill greater confidence in the voting process. #Transparency #VulnerabilityDisclosure
Leading voting equipment vendors undergo cybersecurity testing to assess the resilience and security of their software and hardware. The initiative promotes collaboration between vendors and security researchers to identify risks and improve election security. #Collaboration #Resilience
The initiative symbolizes a significant step forward in securing the integrity of the US electoral process and aims to bolster trust among American voters in their democratic system. #Integrity #Trust #Election2024
https://www.infosecurity-magazine.com/news/voting-equipment-giants-security/
Summary:
- A cyber-espionage campaign by EvilBamboo targets Tibetan, Uyghur, and Taiwanese individuals and organizations.
- EvilBamboo uses customized Android malware and iOS malware to infiltrate devices.
- The threat actor distributes Android spyware through a cracked version of the Whoscall Android application.
- EvilBamboo creates counterfeit websites to distribute compromised versions of Signal and backdoors other applications.
Hashtags:
#CyberEspionage #EvilBamboo #AndroidMalware #iOSMalware #Tibetan #Uyghur #Taiwanese #Spyware #Whoscall #Signal
https://www.infosecurity-magazine.com/news/china-evilbamboo-targets-mobiles/
Sophisticated APT clusters target Southeast Asia. Researchers discovered three separate clusters of threat actors conducting cyber-espionage attacks in the region. These attacks targeted critical infrastructure, public healthcare institutions, public financial administrators, and government ministries. The clusters were linked to known APT groups, including Stately Taurus (Mustang Panda) and Alloy Taurus. The attacks involved the use of backdoors like ToneShell and ShadowPad, as well as unconventional techniques and innovative backdoors. The findings have been shared with the Cyber Threat Alliance for further action. #Cybersecurity #SoutheastAsia #APTs #CyberEspionage
https://www.infosecurity-magazine.com/news/apt-clusters-target-southeast-asia/
Air Canada has experienced a security breach by an unknown group. The breach compromised the personal information of undisclosed employees. Air Canada has enhanced its security measures and notified relevant authorities. The breach report is under review by the Office of the Privacy Commissioner of Canada. The incident highlights the increasing challenges organizations face with data breaches and cyberattacks. #AirCanada #SecurityBreach #DataProtection #Cybersecurity
In August 2023, the Sandman APT group targeted telecom companies in the Middle East, Western Europe, and the South Asian subcontinent with the LuaDream malware to steal system information. LuaDream is a multi-component backdoor with various capabilities, including managing plugins and exfiltrating data. The malware's development activities were observed in the first half of 2022. The Sandman APT group primarily used DLL hijacking with malicious DLL files to deploy LuaDream. Experts attribute the malware to private contractors. The C2 details showed communication over the WebSocket protocol with mode.encagil[.]com. The attribution of Sandman APT and the actors involved remain unknown. The LuaJIT-based backdoor demonstrates ongoing innovation in cyber-espionage malware. #SandmanAPT #LuaDream #telecomsecurity #cyberespionage #malware