InfoSec Articles (02/27/24 – 03/12/24)


Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

The Anatomy of a BlackCat (ALPHV) Attack

Source: SYGNIA

In 2023, Sygnia’s IR team was engaged by a client to investigate suspicious activities in the client’s network. The activities were ultimately identified as a financial extortion attack executed by the BlackCat (ALPHV) ransomware group or one of its affiliates, and included a massive data exfiltration. Read more.

Delving into Dalvik: A Look Into DEX Files


Through a case study of the banking trojan sample, this blog post aims to give an insight into the Dalvik Executable file format, how it is constructed, and how it can be altered to make analysis easier. Additionally, we’re releasing a tool called dexmod that exemplifies Dalvik bytecode patching and helps modify DEX files. Read more.

Server Killers Alliances: Here Is The List Of Hacker Groups

Source: GBHackers

A new tweet from Daily Dark Web reports that a group called The Server Killers has formed an alliance and is planning to launch cyber attacks on Moldova. Read more.

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

Source: KROLL

The Kroll Cyber Threat Intelligence (CTI) team discovered new malware resembling the VBScript-based BABYSHARK malware that we’ve called TODDLERSHARK. Read more.

Cyber Dragon Attacks And Disables LinkedIn

Source: PRIVACY Affairs

The lesser-known but dangerous hacking group Cyber Dragon took LinkedIn offline recently due to a massive breach. As users reported, both the website and the app were down for more than 24 hours intermittently. Read more.

New Fakext malware targets Latin American banks

Source: Security Intelligence

In November 2023, security researchers at IBM Security Trusteer found new widespread malware dubbed Fakext that uses a malicious Edge extension to perform man-in-the-browser and web-injection attacks. Read more.

Check Point Research Alerts: Financially Motivated Magnet Goblin Group Exploits 1-Day Vulnerabilities to Target Publicly Facing Servers


Rapid Exploitation of 1-Day Vulnerabilities: Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting public-facing servers and edge devices. In some cases, the deployment of the exploits is within 1 day after a POC is published, significantly increasing the threat level posed by this actor. Read more.

TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids

Source: Proofpoint

TA4903 is a financially motivated cybercriminal threat actor that spoofs both U.S. government entities and private businesses across many industries. The actor mostly targets organizations located in the United States, but occasionally those located globally, with high-volume email campaigns. Proofpoint assesses with high confidence the objectives of the campaigns are to steal corporate credentials, infiltrate mailboxes, and conduct follow-on business email compromise (BEC) activity. Read more.

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

Source: The Hacker News

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows systems,” Zscaler ThreatLabz researchers said. Read more.

Ukraine’s GUR Hacked The Russian Ministry of Defense

Source: Security Affairs

The documents revealed the leadership of the Russian Ministry, along with other high-ranking officials within the divisions of the Russian Ministry of Defense. This encompasses deputies, assistants, and specialists, individuals who used the electronic document management systems known as ‘bureaucrat’. Read more.

