InfoSec Articles (02/13/24 – 02/27/24)


Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

LockBit ransomware returns, restores servers after police disruption


On Saturday, LockBit announced it was resuming the ransomware business and released damage control communication admitting that “personal negligence and irresponsibility” led to law enforcement disrupting its activity in Operation Cronos. Read more.

A Cyber Attack Hit The Royal Canadian Mounted Police

Source: Security Affairs

The Canadian government declared that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees. Read more.

Russian hackers shift to cloud attacks, US and allies warn


APT29’s initial cloud breach vectors also include the use of stolen access tokens that allow them to hijack accounts without using credentials, compromised residential routers to proxy their malicious activity, MFA fatigue to bypass multi-factor authentication (MFA), and registering their own devices as new devices on the victims’ cloud tenants. Read more.

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)


ConnectWise shared the existence of the two flaws on Monday (February 19), when it said that they had been reported through its vulnerability disclosure channel via the ConnectWise Trust Center, and urged customers that are self-hosted or on-premise to update their servers to version 23.9.8 as soon as possible. Read more.

Feds remove Ubiquiti router botnet used by Russian intelligence

Source: SC Media

The botnet was built by cybercriminals outside the GRU who initially installed Moobot malware on Ubiquiti Edge OS routers that could be compromised because they used publicly known default administrator passwords. Read more.

Earth Preta Campaign Uses DOPLUGS to Target Asia


In this blog entry, we focus on the Earth Preta campaign, providing an analysis of the DOPLUGS malware variant that the group used, including backdoor command behavior, integration with the KillSomeOne module, and its evolution. Read more.

Migo – a Redis Miner with Novel System Weakening Techniques

Source: CADO

The malware, named Migo by the developers, aims to compromise Redis servers for the purpose of mining cryptocurrency on the underlying Linux host. Read more.

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns


We have observed evidence that the distribution campaigns for these malware families are related, with Astaroth and Mekotio being distributed under the same Google Cloud Project and Google Cloud storage bucket. Ousaban is also being dropped as part of the Astaroth infection process. Read more.

How BRICS Got “Rug Pulled” – Crypto Counterfeiting Is On The Rise

Source: Resecurity

A notable example of this deceptive practice is the emergence of a counterfeit token named ‘BRICS’ recently detected by Resecurity, which exploited the focus on the investment interest and potential expansion of the BRICS intergovernmental organization, comprising countries like Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates. Read more.

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Source: The Hacker News

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch, and Telegram. Read more.

The post InfoSec Articles (02/13/24 – 02/27/24) appeared first on Malware Patrol.
