July 2023

Anomaly detection in certificate-based TGT requests

Alexander Rodchenko

https://securelist.com/anomaly-detection-in-certificate-based-tgt-requests/110242/

Excerpt:

“One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker sign in under a user account by modifying the victim’s msDS-KeyCredentialLink attribute and adding an authorization certificate to it. Such attacks are difficult to detect because, instead of stealing credentials, the cybercriminals use legitimate Active Directory (AD) mechanisms and configuration flaws.”
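The excerpt above describes the attack but not the telemetry a defender would look at. The following is an added example (not code from the Securelist article or Kaspersky) showing one way to hunt for Shadow Credentials style TGT requests in Windows Security Event ID 4768 records: a certificate-based request is identified by Pre-Authentication Type 16 (PA-PK-AS-REQ) or a populated Certificate Thumbprint field, and it is flagged when the issuer is not a known enterprise CA, when the issuer name equals the account name (self-signed certificates produced by Shadow Credentials tooling are assumed to look like this; treat that as a heuristic), or when the account or issuer has no history in a learning-period baseline. The CA names, the `render_4768` helper and every event are constructed sample data; the field labels are the ones Windows uses in the rendered 4768 message.

```python
import re
from collections import defaultdict

# Pre-Authentication Type logged in Event 4768 for PKINIT (PA-PK-AS-REQ, RFC 4556).
PA_PK_AS_REQ = 16

# Labels as they appear in the rendered 4768 message. Only horizontal whitespace
# may separate label and value, so an empty field does not swallow the next line.
FIELDS = {
    "account": "Account Name",
    "client": "Client Address",
    "preauth": "Pre-Authentication Type",
    "issuer": "Certificate Issuer Name",
    "serial": "Certificate Serial Number",
    "thumbprint": "Certificate Thumbprint",
}


def parse_4768(message: str) -> dict:
    """Pull the TGT-request fields relevant to certificate-based pre-auth."""
    rec = {}
    for key, label in FIELDS.items():
        m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.*?)[ \t]*$", message, re.M)
        rec[key] = m.group(1) if m else ""
    rec["preauth"] = int(rec["preauth"]) if rec["preauth"].isdigit() else -1
    rec["client"] = rec["client"].replace("::ffff:", "")  # strip IPv4-mapped prefix
    return rec


def is_cert_based(rec: dict) -> bool:
    return rec["preauth"] == PA_PK_AS_REQ or bool(rec["thumbprint"])


def build_baseline(records) -> dict:
    """Learning period: map each account to the certificate issuers it has used."""
    seen = defaultdict(set)
    for r in records:
        if is_cert_based(r):
            seen[r["account"].lower()].add(r["issuer"])
    return seen


def detect(records, known_issuers, baseline) -> list:
    """Flag PKINIT TGT requests that deviate from the enterprise-CA pattern."""
    findings = []
    for r in records:
        if not is_cert_based(r):
            continue
        acct = r["account"].lower().rstrip("$")
        # Heuristic (assumption): self-signed certs from Shadow Credentials tooling
        # carry the account name as issuer; tolerate an optional "CN=" prefix.
        issuer_cn = re.sub(r"^cn=", "", r["issuer"].lower()).rstrip("$")
        reasons = []
        if r["issuer"] not in known_issuers:
            reasons.append("issuer is not an enterprise CA")
        if issuer_cn == acct:
            reasons.append("issuer equals the account name (self-signed)")
        if r["account"].lower() not in baseline:
            reasons.append("first certificate-based TGT for this account")
        elif r["issuer"] not in baseline[r["account"].lower()]:
            reasons.append("issuer never seen before for this account")
        if reasons:
            findings.append({"account": r["account"], "client": r["client"],
                             "issuer": r["issuer"], "serial": r["serial"],
                             "reasons": reasons})
    return findings


def render_4768(account, client, preauth, issuer="", serial="", thumb=""):
    """Constructed 4768 message text in the Windows layout (sample data only)."""
    return (
        "A Kerberos authentication ticket (TGT) was requested.\n"
        "Account Information:\n"
        f"\tAccount Name:\t\t{account}\n"
        "\tSupplied Realm Name:\tCORP\n"
        "Network Information:\n"
        f"\tClient Address:\t\t::ffff:{client}\n"
        "Additional Information:\n"
        f"\tPre-Authentication Type:\t{preauth}\n"
        "Certificate Information:\n"
        f"\tCertificate Issuer Name:\t\t{issuer}\n"
        f"\tCertificate Serial Number:\t{serial}\n"
        f"\tCertificate Thumbprint:\t\t{thumb}\n"
    )


# Hypothetical enterprise CA names and constructed events.
KNOWN_ISSUERS = {"corp-ISSUING-CA", "corp-ROOT-CA"}
LEARNING = [render_4768("bob", "10.0.0.21", 16, "corp-ISSUING-CA", "1a2b3c", "A1B2")]
LIVE = [
    render_4768("alice", "10.0.0.15", 2),                                      # password logon
    render_4768("bob", "10.0.0.21", 16, "corp-ISSUING-CA", "1a2b3d", "C3D4"),  # expected smart card
    render_4768("alice", "10.0.0.99", 16, "alice", "9f8e7d6c5b4a", "E5F6"),    # shadow-credential style
    render_4768("bob", "10.0.0.21", 16, "corp-ROOT-CA", "77", "0011"),         # issuer new for bob
]


def run_example() -> list:
    baseline = build_baseline(parse_4768(m) for m in LEARNING)
    return detect([parse_4768(m) for m in LIVE], KNOWN_ISSUERS, baseline)


if __name__ == "__main__":
    for f in run_example():
        print(f["account"], f["client"], f["issuer"], "->", "; ".join(f["reasons"]))
```

In production the learning period should cover at least one certificate renewal cycle, and the issuer allow-list should be generated from the CA objects in the configuration partition rather than typed by hand; the self-signed heuristic alone is noisy in environments that still use self-issued certificates for service accounts.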


Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis

https://www.zscaler.com/blogs/security-research/hibernating-qakbot-comprehensive-study-and-depth-campaign-analysis

Excerpt:

“In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out as a highly sophisticated and persistent malware active since 2007, targeting businesses across different countries. With a primary focus on stealing financial data and login credentials from web browsers, Qakbot also serves as a backdoor to inject next-stage payloads like Cobalt Strike and ransomware. Its adaptability, evasive techniques, and global reach have made it a formidable adversary for cybersecurity professionals seeking to defend against its malicious activities.”


Alarming rise in online attacks: Malaysia’s cyber security landscape in 2023

Afiq Hanif

https://themalaysianreserve.com/2023/07/26/alarming-rise-in-online-attacks-malaysias-cyber-security-landscape-in-2023/

Excerpt:

“According to CyberSecurity Malaysia, the country has reported 4,741 cyber threats in 2022, and already recorded 456 fraud cases as of February 2023.”


Super Admin elevation bug puts 900,000 MikroTik devices at risk

Bill Toulas

https://www.bleepingcomputer.com/news/security/super-admin-elevation-bug-puts-900-000-mikrotik-devices-at-risk/?&web_view=true

Excerpt:

“A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected.

The flaw, CVE-2023-30799, allows remote attackers with an existing admin account to elevate their privileges to "super-admin" via the device's Winbox or HTTP interface.”


New Realst macOS malware steals your cryptocurrency wallets

Bill Toulas

https://www.bleepingcomputer.com/news/security/new-realst-macos-malware-steals-your-cryptocurrency-wallets/?&web_view=true

Excerpt:

“A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development. The malware, first discovered by security researcher iamdeadlyz, is distributed to both Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLeg”


Average cost of healthcare data breach reaches $11M, report finds

Emily Olsen

https://www.cybersecuritydive.com/news/healthcare-data-breach-costs/688889/?&web_view=true

Excerpt:

“The IBM report, which analyzed more than 550 organizations that experienced data breaches between March 2022 and 2023, found healthcare had “notably higher” average data breach costs since the COVID-19 pandemic.”


Spyhide stalkerware is spying on tens of thousands of phones

Zack Whittaker

https://techcrunch.com/2023/07/24/spyhide-stalkerware-android/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuY3liZXJzZWN1cml0eS1yZXZpZXcuY29tLw&guce_referrer_sig=AQAAAGePX44rT9R4cJW7lLO1h-B0CA5YZ0Avm2sITk3qbeSDdTdyl4_s0FhUIMghdQnXLqyA4MnCSpPW9VyJnOOOCUwvWTxxZF7_3uF948yCGstnlJleCO8CM1iaqeS2A8RF3meOVlvU5hIsW9xCrLQO-limEWc2kfmh3uADoevPPNfm

Excerpt:

“Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden on a victim’s phone’s home screen, making it difficult to detect and remove. Once planted, Spyhide silently and continually uploads the phone’s contacts, messages, photos, call logs and recordings, and granular location in real time.”


First known open-source software attacks on banking sector could kickstart long-running trend

Daniel Todd

https://www.itpro.com/security/cyber-attacks/first-known-open-source-software-attacks-on-banking-sector-could-kickstart-long-running-trend

Excerpt:

“Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector.

During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased advanced techniques designed to exploit legitimate services - such as attaching malicious functionalities to specific components of the victim bank’s web assets.”


Google says Apple employee found a zero-day but did not report it

Lorenzo Franceschi-Bicchierai

https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/

Excerpt:

“Google fixed a zero-day in Chrome that was found by an Apple employee, according to comments in the official bug report. While the bug itself is not newsworthy, the circumstances of how this bug was found and reported to Google are, to say the least, peculiar.”


Critical Flaws Found in Microsoft Message Queuing Service

Alessandro Mascellino

https://www.infosecurity-magazine.com/news/flaws-microsoft-message-queuing/?&web_view=true

Excerpt:

“Three vulnerabilities have been discovered within the Microsoft Message Queuing (MSMQ) service – a proprietary messaging protocol designed to enable secure communication between applications running on separate computers.

FortiGuard Labs, the cybersecurity research arm of Fortinet, described the flaws in an advisory published on Monday.”


Over 400,000 corporate credentials stolen by info-stealing malware

Bill Toulas

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/?&web_view=true

Excerpt:

“The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments.

Information stealers are malware that steals data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, FTP clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cybercrime marketplaces.”


RaaS proliferation: 14 new ransomware groups target organizations worldwide

Help Net Security

https://www.helpnetsecurity.com/2023/07/25/active-ransomware-groups-2023/?web_view=true

Excerpt:

“In Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups.”