Cybersecurity Digest #53: 27/06/2022 – 08/07/2022

Cybersecurity news

  • Security researchers warn that attackers can abuse online programming-learning platforms to remotely launch attacks, steal data, and scan for vulnerable devices, using nothing more than a web browser.
  • A newly discovered Linux malware, dubbed OrBit by the Intezer Labs researchers who first spotted it, stealthily steals information from backdoored Linux systems and hooks into every running process on the machine. It hijacks shared libraries to intercept function calls by setting the LD_PRELOAD environment variable on compromised devices.
  • The developer of the AstraLocker ransomware is reportedly shutting the operation down and moving to the far simpler crime of cryptojacking. The developer uploaded a ZIP archive containing AstraLocker decryptors to the VirusTotal malware-analysis platform.
  • A new ransomware operation called RedAlert encrypts both Windows hosts and Linux VMware ESXi servers in attacks on corporate networks. Researchers named it ‘RedAlert’ after a string in the ransom note; the Linux encryptor itself, however, refers to the operation as ‘N13V’.
  • The Django project, the open source Python web framework, has patched a high-severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL injection affected the Trunc() and Extract() database functions when untrusted data was passed as the kind or lookup_name argument; it existed in the main branch and in the 4.1, 4.0 and 3.2 series, and is fixed in 4.0.6 and 3.2.14.
  • Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations across various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices.
  • A new, remarkably sophisticated malware is attacking routers. Researchers say the remote-access Trojan ZuoRAT has infected at least 80 different targets.
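The OrBit item above describes shared-library hijacking via LD_PRELOAD. A defender checking a Linux host for that technique has three cheap places to look: the system-wide /etc/ld.so.preload file, the LD_PRELOAD variable in each process's /proc/<pid>/environ, and the libraries mapped into each process according to /proc/<pid>/maps. The script below is an added example written for this digest, not code from Intezer or from the malware; the sample file contents and the /var/tmp/.x path are constructed, and the list of trusted library directories is an assumption you should adapt to your distribution.

```python
"""Triage check for LD_PRELOAD-style shared-library hijacking on Linux.

Added example for this digest (not Intezer's code). The parse/check functions
take raw file contents so they can be run against constructed samples;
scan_host() applies the same checks to the live /proc tree.
"""
from __future__ import annotations

import os
from dataclasses import dataclass

# ASSUMPTION: where legitimately installed shared libraries normally live.
# A library mapped from elsewhere is a triage signal, not proof of compromise.
TRUSTED_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/local/lib")


@dataclass
class Finding:
    source: str  # "ld.so.preload", "environ" or "maps"
    detail: str


def parse_ld_so_preload(text: str) -> list[str]:
    """Library paths listed in /etc/ld.so.preload; '#' comments and blanks skipped."""
    libs: list[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.extend(line.split())
    return libs


def parse_environ(raw: bytes) -> dict[str, str]:
    """/proc/<pid>/environ is a NUL-separated list of KEY=VALUE pairs."""
    env: dict[str, str] = {}
    for item in raw.split(b"\0"):
        if b"=" in item:
            key, value = item.split(b"=", 1)
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def parse_maps(text: str) -> set[str]:
    """File-backed .so paths mapped into a process (fields: addr perms off dev inode path)."""
    paths: set[str] = set()
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and parts[5].startswith("/") and ".so" in parts[5]:
            paths.add(parts[5])
    return paths


def untrusted_libraries(mapped: set[str]) -> set[str]:
    return {p for p in mapped if not p.startswith(TRUSTED_LIB_DIRS)}


def check_ld_so_preload(text: str) -> list[Finding]:
    return [Finding("ld.so.preload", f"system-wide preload of {lib}")
            for lib in parse_ld_so_preload(text)]


def check_process(pid: int, environ: bytes, maps: str) -> list[Finding]:
    findings: list[Finding] = []
    env = parse_environ(environ)
    if env.get("LD_PRELOAD"):
        findings.append(Finding("environ", f"pid {pid} has LD_PRELOAD={env['LD_PRELOAD']}"))
    for lib in sorted(untrusted_libraries(parse_maps(maps))):
        findings.append(Finding("maps", f"pid {pid} maps library outside trusted dirs: {lib}"))
    return findings


def scan_host(proc_root: str = "/proc") -> list[Finding]:
    """Apply the checks to the live system (needs root to read other users' environ)."""
    try:
        with open("/etc/ld.so.preload") as fh:
            findings = check_ld_so_preload(fh.read())
    except OSError:
        findings = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            with open(f"{proc_root}/{name}/environ", "rb") as fh:
                environ = fh.read()
            with open(f"{proc_root}/{name}/maps") as fh:
                maps = fh.read()
        except OSError:
            continue  # process exited, or not readable at our privilege level
        findings.extend(check_process(int(name), environ, maps))
    return findings


# Constructed sample data mimicking a hijacked process; not from a real infection.
SAMPLE_LD_SO_PRELOAD = "# constructed sample\n/var/tmp/.x/libdl.so.2\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/var/tmp/.x/libdl.so.2\0HOME=/root\0"
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r--p 00000000 08:01 131  /usr/bin/bash
7f0c3a200000-7f0c3a3c3000 r-xp 00000000 08:01 2010 /usr/lib/x86_64-linux-gnu/libc.so.6
7f0c3a400000-7f0c3a402000 r-xp 00000000 08:01 9999 /var/tmp/.x/libdl.so.2
7ffd0a000000-7ffd0a021000 rw-p 00000000 00:00 0    [stack]
"""

if __name__ == "__main__":
    for f in check_ld_so_preload(SAMPLE_LD_SO_PRELOAD) + check_process(4242, SAMPLE_ENVIRON, SAMPLE_MAPS):
        print(f"[{f.source}] {f.detail}")
    # for f in scan_host(): print(f"[{f.source}] {f.detail}")
```

Expect false positives from legitimate preloads (allocator shims, fakeroot, some EDR agents) and from software installed under /opt or a home directory; treat a hit as a lead to verify by hashing the library and checking which package, if any, owns it. The script only covers the preload indicators named in the item above, not any other hiding or persistence tricks a given sample may use.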

Cybersecurity Blog Posts

Research and analytics

  • MITRE has published the 2022 CWE Top 25 Most Dangerous Software Weaknesses. The list ranks the currently most common and impactful software weaknesses. Often easy to find and exploit, they lead to vulnerabilities that let adversaries take over a system, steal data, or prevent applications from working.
  • Imperva partnered with the Marsh McLennan Cyber Risk Analytics Center to analyze API-related incident data. Their results suggest that insecure APIs can negatively impact a business and underscore the importance of investing in comprehensive API security.
  • CyberCube has issued a report, Global Threat Briefing: threat actor activity update and predictions for H1 2022. It argues that a better understanding of the key cyber actors, their motivations, and the techniques those motivations lead to will help (re)insurers and brokers predict how and where future attacks could arise and inform estimates of attack frequency and severity.
  • Atlas VPN has released a report analyzing GDPR fines. It finds that GDPR fines reached a total of €97.29 million in the first half of 2022, an increase of 92% over H1 2021. In addition, according to data analyzed by the Atlas VPN team, cybercriminals looted $1.97 billion in 175 crypto project hacks in the first half of 2022. The Ethereum ecosystem suffered the most, with more than $1 billion stolen across 32 incidents.
  • Unit 42, the threat research division of Palo Alto Networks, published an analysis of Brute Ratel C4, a commercial red-team command-and-control framework, and of its abuse by malicious actors.
  • Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. Infected machines included engineering computers in building automation systems that form part of a telecommunications company's infrastructure.

Major Cyber Incidents