InfoSec News 20231106
Top News
-
US, Japan and South Korea Unite to Counter North Korean Cyber Activities
"The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea’s cyber activities.
A key purpose of the new group is to prevent cyber-attacks and crypto heists used to fund North Korea’s weapons development, including its nuclear program, according to South Korea’s Office of National Security."
TLP¹: Green
-
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
"Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure."
TLP¹: Green
-
Socks5Systemz proxy service infects 10,000 systems worldwide
"A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices.
The malware infects computers and turns them into traffic-forwarding proxies for malicious, illegal, or anonymous traffic. It sells this service to subscribers who pay between $1 and $140 per day in crypto to access it."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Cybercrime service bypasses Android security to install malware
"A new dropper-as-a-service (DaaS) cybercrime operation named 'SecuriDropper' has emerged, using a method that bypasses the 'Restricted Settings' feature in Android to install malware on devices and obtain access to Accessibility Services."
TLP¹: Green
-
Discord will switch to temporary file links to block malware delivery
"Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware."
TLP¹: Green
-
U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
"The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group
"Deer Oaks Behavioral Health in Texas is a behavioral health services provider of psychological and psychiatric services to residents of long-term care and assisted living facilities. On October 31, they issued a substitute notice on their website about a ransomware incident they experienced."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
QNAP warns of critical command injection flaws in QTS OS, apps
"QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices."
TLP¹: Green
-
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
"Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day.
The flaw, tracked as CVE-2023-46604, is a maximum severity bug in the ActiveMQ scalable open-source message broker that enables unauthenticated attackers to execute arbitrary shell commands on vulnerable servers."
TLP¹: Green
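The practical first step after an advisory like this is to find which brokers in your estate are still on an affected release. The triage helper below is an added example, not code from the article or from the ActiveMQ project. The first fixed release per branch (5.15.16, 5.16.7, 5.17.6, 5.18.3) is taken from Apache's published fix guidance for CVE-2023-46604; versions on branches outside those four (for example 6.x) are reported as "unknown" rather than guessed. The inventory lines and hostnames are constructed for the demonstration.

```python
"""Version triage for CVE-2023-46604 (Apache ActiveMQ, OpenWire RCE).

Added example, not code from the news item or the ActiveMQ project.
Fixed releases come from Apache's fix guidance for the CVE; the
inventory below is constructed sample data.
"""
import re

# First release on each maintained 5.x branch that carries the fix.
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None.

    Suffixes such as '-SNAPSHOT' are tolerated and ignored.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def classify(version):
    """Classify one broker version as 'vulnerable', 'fixed' or 'unknown'."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unparseable version: {version!r}")
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return "vulnerable" if v < FIXED_BY_BRANCH[branch] else "fixed"
    # Everything older than 5.15 never received a fix on its own branch:
    # the advisory treats all releases before 5.15.16 as affected.
    if v < (5, 15, 0):
        return "vulnerable"
    # Newer major/minor lines are not covered by this table; do not guess.
    return "unknown"


# Constructed sample inventory: "<host> <openwire-port> <version>" per line.
SAMPLE_INVENTORY = """\
mq-prod-01 61616 5.18.2
mq-prod-02 61616 5.18.3
mq-legacy  61616 5.14.5
mq-dev     61616 5.17.6
mq-new     61616 6.0.0
"""


def triage(inventory):
    """Map each host in an inventory text block to its classification."""
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _port, version = line.split()
        result[host] = classify(version)
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:<12} {status}")
```

Feed it the version string your asset inventory or a banner grab already records; brokers reported as "vulnerable" should be patched or taken off the internet first, since the item above notes the flaw needs no authentication.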
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
CSA STAR Certifications: What are They?
"The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. Any organization operating or providing cloud services can benefit from completing the certifications under the STAR program. These certifications are based on the Cloud Controls Matrix (CCM), the STAR program’s framework of essential cloud security controls. In this blog, learn more about the various STAR certifications and what’s required to complete them."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors
"Unit 42 researchers have investigated a series of destructive cyberattacks beginning in January 2023 and continuing as recently as October 2023, targeting the education and technology sectors in Israel.
The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property. Once the attackers stole the information, they deployed various wipers intended to cover the attackers’ tracks and to render the infected endpoints unusable."
TLP¹: Green
-
Apple 'Find My' network can be abused to steal keylogged passwords
"Apple's 'Find My' location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.