- Cybersecurity researchers have discovered a stealthy backdoor named Effluence that’s deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server.
- WhatsApp is rolling out a new privacy feature that helps Android and iOS users hide their location during calls by relaying the connection through WhatsApp servers.
- Attackers are exploiting a recently patched, critical-severity Atlassian Confluence authentication bypass flaw to encrypt victims’ files using Cerber ransomware.
- Threat actors infected more than 10,000 devices worldwide with the ‘PrivateLoader’ and ‘Amadey’ loaders to recruit them into the proxy botnet ‘Socks5Systemz.’
- Apple’s “Find My” location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards.
- A WhatsApp mod has been discovered that contains previously unknown malware, a spyware Trojan for Android called CanesSpy.
- A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world’s most commonly used public key algorithm.
- MITRE has announced the release of version 14 of ATT&CK, the widely used knowledge base of adversary tactics and techniques. ATT&CK v14 brings improvements related to detections, industrial control systems (ICS), and mobile.
Cybersecurity Blog Posts
- Nilesh Dherange has outlined the 3 primary ransomware attack stages and useful indicators of compromise.
- The Help Net Security blog provides 7 free cyber threat maps showing the intensity and frequency of attacks. From the collaborative efforts of Google Ideas and Arbor Networks in the Arbor Networks Digital Attack Map to the extensive global threat intelligence network of Fortinet Threat Map, we cover a range of tools designed to enhance your situational awareness.
- Wallarm highlighted the promise of Zero Trust Network Access (ZTNA). With progressive tech strides and a growing emphasis on cybersecurity, ZTNA is expected to be a crucial determinant of the evolution of network security. Nevertheless, a successful ZTNA deployment calls for an in-depth comprehension of its principles and a strategic blueprint for its roll-out.
- Cybersecurity researcher Gergely Kalman has published a technical article about BatSignal (CVE-2022-26704), a vulnerability that allows privilege escalation to root in macOS.
Research and Analytics
- New research conducted by Venafi finds that nearly 50% of its users report Kubernetes and container security incidents. The study revealed that cloud development practices create serious cybersecurity blind spots. This is especially relevant for businesses from the US, the UK, France and Germany.
- A new report by Duke University reveals details about the sale of sensitive data about US military personnel by data brokers. The study, focusing on national security, found that highly detailed personal information about military personnel, veterans and their families sells for between $0.12 and $0.32 per record.
- China’s presence in cybersecurity technology is growing, with 6 of its companies ranking among the 10 largest global patent holders. At the same time, the American corporation IBM continues to hold first place, according to a joint study by the Japanese news agency in cooperation with U.S. information services provider LexisNexis.
- Germany is currently experiencing a significant increase in cyber threats, with the risk of ransomware attacks considered exceptionally high, according to the latest report from the German Federal Office for Information Security. The report also records the highest average increase in malware types, with 332,000 new variants per day during the period from June 2022 to June 2023.
- Experts are theorizing about the mysterious shutdown of the Mozi botnet, which was recently eliminated using a special “switch” designed to deactivate all bots. The disappearance, first observed in India on August 8th, stripped Mozi bots of most of their functionality.
- Password health and hygiene improved globally over the past year, reducing the rise of account takeover for consumers and businesses, according to Dashlane. Password reuse remains prevalent, however, leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication (MFA).
- The VMware Threat Analysis Unit (TAU) has discovered 34 unique vulnerable drivers that allow firmware access, which can be used to erase or alter firmware and/or elevate privileges. Previous research focused primarily on Windows Driver Model (WDM) and Windows Driver Framework (WDF) drivers; the company has published a list of file names associated with the problematic drivers.
- SlashNext Threat Labs’ annual report provides analysis of threats seen in email channels, mobile devices and browsers over a 12-month period from Q4 2022 to Q3 2023. The report highlights an impressive 967% increase in credential theft attacks. It also reveals a 1,265% increase in phishing emails since the launch of ChatGPT, signaling a new era of cybercrime fueled by generative AI.
- According to a study conducted by Amazon Web Services (AWS), 35% of small and medium-sized businesses do not consider security to be a strategic priority; 41% of those surveyed haven’t provided any security training to their organizations; 43% have plans to provide training within the next 12 months; and 50% of respondents indicated some degree of concern about security in the cloud and view migration as a risk.
- Q3 2023 global ransomware attack frequency was up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. If the trajectory continues, 2023 will be the first year with more than 4,000 ransomware victims posted on leak sites (2,670 in 2022).
- The Identity Theft Resource Center® (ITRC) has stated in its annual report that small businesses are experiencing a record number of cyberattacks in 2023. According to the responses, cybersecurity incidents targeting small businesses were reported at a record high (73%). Employee and consumer data continue to be the categories of information most affected by data breaches.
- Palo Alto Networks has published a study on Cobalt Strike traffic detection. The report demonstrates how the Malleable C2 profile lends versatility to Cobalt Strike, and why this versatility makes Cobalt Strike an effective emulator for which it is difficult to design traditional firewall defenses.
- According to a Sophos report, the rate of data encryption following a ransomware attack in healthcare was the highest in the last three years: 73% of healthcare organizations reported that their data was encrypted in the 2023 report, up from 61% in the 2022 report.
Major Cyber Incidents
- The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand.
- The Industrial & Commercial Bank of China confirmed its services have been disrupted by a ransomware attack that impacted its systems.
- The iconic integrated resort Marina Bay Sands in Singapore has disclosed a data breach that impacted 665,000 customers.
- Unidentified cybercriminals, declaring themselves to be the pro-Palestinian hacker group called “Soldiers of Solomon”, have claimed responsibility for disrupting the production cycle of the biggest flour plant in Israel.
- Shimano, the world’s leading manufacturer of cycling components, seems to have been hit by a massive data breach by ransomware attackers, who claim to have obtained confidential data including factory inspection results, lab tests and financial documents.
- A ransomware attack this week has paralyzed local government services in multiple cities and districts in western Germany.
- Hackers have stolen $4.4 million in cryptocurrency by getting hold of private keys and passphrases stored in stolen LastPass databases.
- CCleaner, a popular software for cleaning files and Windows Registry entries, has confirmed that attackers accessed some of its customer data. CCleaner said it was impacted by the MOVEit Transfer bug, which allowed attackers to exfiltrate some of its customers’ data.