InfoSec News 20230802
Top News
-
Threat actors abuse Google AMP for evasive phishing attacks
"Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees."
TLP1 : Green
-
Space Pirates Turn Cyber Sabers on Russian, Serbian Organizations
"The attackers have expanded beyond backdoors and recently started using Deed RAT to step up their attacks."
TLP1 : Green
-
SpyNote Spyware Returns with SMS Phishing Against Banking Customers
"In its recent attack campaign, SpyNote Spyware is sending victims fake SMS messages urging them to install a new certified banking app."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
"Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network."
TLP1 : Green
-
Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
"Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews."
TLP1 : Green
-
AI-Enhanced Phishing Driving Ransomware Surge
"Government agencies alongside education and healthcare organizations have become prime targets for ransomware operators over the past three years."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Hot Topic hit by wave of cyber attacks
"The series of attacks took place between February and June of this year."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack
"A new power side-channel attack named Collide+Power can allow an attacker to obtain sensitive information and it works against nearly any modern CPU."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How To Present SecOps Metrics (The Right Way)
"SecOps metrics can be a gold mine of potential for informing better business decisions, but 78% of CEOs say they don’t have adequate data on risk exposure to make good decisions. Even when they do see the right data, 82% are inclined to “trust their gut” anyway."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts
"Unit 42 researchers have recently discovered a previously unreported phishing campaign that distributed an infostealer equipped to fully take over Facebook business accounts. Facebook business accounts were targeted with a phishing lure offering tools such as spreadsheet templates for business. This is part of a growing trend of threat actors targeting Facebook business accounts – for advertising fraud and other purposes – which emerged around July 2022 with the discovery of the Ducktail infostealer."
TLP1 : Green
-
Hackers use new malware to breach air-gapped devices in Eastern Europe
"Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.