InfoSec News 20240104

  • Published: Thu, 04/01/2024 - 15:36

Top News


  • Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

"Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices."

Link

TLP¹: Green

  • Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack

"American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam."

Link

TLP¹: Green

  • Microsoft kills off Windows app installation from the web, again

"Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

"The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software."

Link

TLP¹: Green

  • CYBERCRIMINALS IMPLEMENTED ARTIFICIAL INTELLIGENCE (AI) FOR INVOICE FRAUD

"Resecurity has uncovered a cybercriminal faction known as “GXC Team”, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder”, made multiple announcements on the Dark Web. On New Year’s Eve, the group declared significant price reductions, offering up to a 20% discount on their products available on the Dark Web."

Link

TLP¹: Green

  • ISP Orange Spain Faces Internet Outage Due to Hacker Attack

"In a recent cyber incident, Orange Spain, a prominent internet service provider (ISP), suffered a major internet outage on January 3. The disruption lasted for several hours, leaving countless customers unable to access the internet during that time. The cause of this service disruption is believed to be a well-coordinated hacker attack, directly targeting Orange Spain’s digital infrastructure."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • 23andMe blames users for data breach, citing recycled passwords

"Genetic testing company 23andMe is facing a class action lawsuit after users’ data was accessed without authorization – a breach it blames on customers who used a recycled password as login credentials for their account on the home DNA firm’s website."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • CISA warns federal agencies of exploited Google Chrome and open-source vulnerabilities

"Two new vulnerabilities have been added to the list of exploited bugs by the Cybersecurity and Infrastructure Security Agency (CISA).

CISA on Tuesday warned of a vulnerability concerning the open-source Perl library, classified as CVE-2023-7101, as well as a bug impacting Google Chrome that was addressed by the company last month."

Link

TLP¹: Green

  • Gamma Protocol Reportedly Suffers $3.4M Exploit

"Decentralized finance (DeFi) protocol Gamma Strategies finds itself in the spotlight as security analysts report a significant exploit leading to losses of approximately $3.4 million.

Both PeckShield and BlockSec, reputable security firms, have confirmed the incident, highlighting a breach that allowed a hacker to abscond with 1500 ether."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Three Ways To Supercharge Your Software Supply Chain Security

"Section four of the "Executive Order on Improving the Nation's Cybersecurity" introduced a lot of people in tech to the concept of a "Software Supply Chain" and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • PhantomCrawler - Boost Website Hits By Generating Requests From Multiple Proxy IPs

"PhantomCrawler allows users to simulate website interactions through different proxy IP addresses. It leverages Python, requests, and BeautifulSoup to offer a simple and effective way to test website behaviour under varied proxy configurations."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.



[1] https://www.first.org/tlp