InfoSec News 20241113
Top News
-
New Node.js-based Wish Stealer Targets Discord, Browsers, and Cryptocurrency Wallets
"CYFIRMA recently discovered a new malware called “Wish Stealer” that targets Windows users by stealing sensitive information from various sources like Discord, web browsers, cryptocurrency wallets, and social media accounts."
TLP1 : Green
-
Microsoft Visio Files Used in Sophisticated Phishing Attacks
"A surge in two-step phishing attacks leveraging Microsoft Visio files has been identified by security researchers, marking a sophisticated evolution in phishing tactics."
TLP1 : Green
-
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
"Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hamas Tied to October Wiper Attacks Using Eset Email
"Hackers likely connected to Palestinian militants Hamas were behind wiper attacks detected in October against Israeli organizations including hospitals and municipalities."
TLP1 : Green
-
A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel
"A cyberattack in Israel allegedly disrupted communication services, causing widespread malfunction of credit card readers across the country on Sunday."
TLP1 : Green
-
Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
"The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Amazon confirms employee data breach after vendor hack
"Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Citrix Issues Patches for Zero-Day Recording Manager Bugs
"There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE.""
TLP1 : Green
-
OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
"A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Emergence of Preemptive Cyber Defense: The Key to Defusing Sophisticated Attacks
"Preemptive cyber defense strategies not only strengthen a company’s immediate defenses but also prepare it for the future."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Java(Script) Drive-By, Hacking Without 0days
"A remote code execution chain in Google Chrome, which allows an attacker to execute code on the host machine, can cost anywhere from $250,000 to $500,000. Nowadays, such powers are typically reserved for governments and spy agencies. But not so long ago, similar capabilities were accessible to the average script kiddie."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.