
Cyber Briefing - 2023.03.03
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday. First time seeing this? Please subscribe.
🚨 Cyber Alerts
💥 Cyber Incidents
📢 Cyber News
Copyright © 2023 CyberMaterial. All Rights Reserved.
3 Mar 2023 · 57s

Cyber Briefing - 2023.03.02
🚨 Cyber Alerts
1. CISA Releases Free Tool to Map Threat Actor Behavior to MITRE ATT&CK Framework
2. BlackLotus: The First Malware to Bypass Secure Boot
3. APT27 Iron Tiger Expands Malware Toolkit to Target Linux Devices
2 Mar 2023 · 54s

Cyber Briefing - 2023.03.01
🚨 Cyber Alerts
1. CISA Red Team Cybersecurity Assessment
2. Parallax RAT targets crypto firms
3. EXFILTRATOR-22: A New Ransomware Threat
4. Twitter Outage Worldwide
1 Mar 2023 · 53s

Cyber Briefing - 2023.02.28
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity news, advisories, alerts and incidents every weekday. First time seeing this? Please subscribe.
28 Feb 2023 · 1min

Cyber Briefing - 2023.02.27
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts and incidents every weekday. First time seeing this? Please subscribe.
27 Feb 2023 · 1min

Cyber Briefing - 2023.02.24
🚨 Cyber Alerts
1. ESET Discovers Lazarus APT Group's WinorDLL64 Payload in Wslink Downloader
Cybersecurity firm ESET has identified the WinorDLL64 payload as part of the Wslink downloader, which runs as a server and executes received modules in memory. ESET has attributed the malware to the Lazarus APT group, notorious for high-profile attacks on both public and private entities, based on the targeted region and similarities in behavior and code with known Lazarus samples. The WinorDLL64 backdoor acquires extensive system information, enables file manipulation, and executes additional commands, communicating over a connection already established by the Wslink loader.
2. Fraudulent ChatGPT Social Media Page Used to Spread Malware
OpenAI's ChatGPT, which has attracted over 100 million users since its launch in November 2022, has been exploited by threat actors to distribute malware and carry out other cyber attacks, according to Cyble Research and Intelligence Labs (CRIL). CRIL has detected several phishing websites that are being promoted through a fraudulent OpenAI social media page to spread various types of malware, and several phishing sites are impersonating ChatGPT to steal credit card information. Furthermore, various families of Android malware are using the icon and name of ChatGPT to mislead unsuspecting users into downloading malicious applications, leading to the theft of sensitive information from Android devices.
3. Magecart Skimmer Collects IP Addresses and Browser User Agents to Create Unique Victim Profile
Malwarebytes Labs has detected a new Magecart skimmer that not only steals sensitive information from unsuspecting victims but also records their IP address and browser user agent. The skimmer uses iframes to create a page identical to that of an official payment platform, and the victim is unaware that their data has been compromised. The cybercriminals may be collecting this additional data for quality checks and to monitor for any invalid users, such as bots and security researchers, showcasing the advanced capabilities of modern skimming techniques. Online merchants should implement proactive and robust security defenses to protect against such threats.
4. European Commission Temporarily Bans TikTok on Employee Devices for Cybersecurity Reasons
The European Commission's Corporate Management Board has suspended the use of TikTok on all devices issued to employees or devices that employees use for work purposes. The move is part of the Commission's efforts to increase its cybersecurity measures, amid growing worries over the Chinese-owned video sharing app. The EU's decision follows similar moves in the US, where over half of the states and Congress have banned TikTok from official government devices. Employees are now required to delete TikTok from all devices used for professional business by March 15.
5. Unknown Asian hacking group 'Clasiopa' targets materials research organizations with unique toolset
Cybersecurity firm Symantec has uncovered a new threat actor dubbed 'Clasiopa' targeting materials research organisations in Asia with an unknown set of tools. The hacking group may have ties to India, due to its use of the Sanskrit term 'Saptarishi' and the password 'iloveindea1998^_^'. However, Symantec warned that the information may have been planted as false flags, and that the group's methods remain unknown.
24 Feb 2023 · 59s

Cyber Briefing - 2023.02.23
🚨 Cyber Alerts
1. Backdoor malware found on hundreds of servers after exploit of ConnectWise vulnerability
Cybersecurity company Fox-IT has discovered that an attack targeting the ZK Java framework of ConnectWise's R1Soft Server Backup Manager software has led to hundreds of servers being infiltrated with backdoors. While ConnectWise warned customers of the vulnerability back in October 2022, the flaw - a form of authentication bypass - has continued to be exploited, with Fox-IT finding evidence of it being used to gain server access since late November of that year. Fox-IT has now released indicators of compromise (IoCs) to help organizations determine whether they have been targeted using the vulnerability.
2. Hydrochasma: A New Threat Actor Using Open-Source Tools for Intelligence-Gathering Campaigns
Shipping companies and medical laboratories in Asia are being targeted in an intelligence-gathering campaign by a new threat actor, Hydrochasma, using open-source tools exclusively. Although no data exfiltration has been observed, the tools deployed could potentially allow for remote access and data exfiltration. The campaign, which began in October 2022, targets industries that may be involved in COVID-19 treatments or vaccines.
3. Over 15,000 Spam Packages Flood Open Source NPM Repository To Distribute Phishing Links
A recent report by Checkmarx warns of a massive campaign that deployed over 15,000 spam packages in the NPM repository to distribute phishing links. The attackers used automated processes to create the packages with descriptions and names that closely resembled one another. The rogue packages were designed to trick users into downloading them and clicking on the links to the phishing sites that promised increased followers on social media platforms.
23 Feb 2023 · 59s

Cyber Briefing - 2023.02.22
1. MyloBot Botnet: A Threat That Keeps Evolving
2. Data Centers Under Attack: Malicious Cyber Activity Targets Critical Supply Chain Organizations
3. Google Working to Harden Android Firmware Security Beyond OS
4. Technical Difficulties Interrupt Putin's Address to Parliament
5. Activision Confirms Data Breach Due to SMS Phishing Attack
22 Feb 2023 · 55s