WME Security Briefing 29 March 2024

WME Cybersecurity Briefings No. 003

Russia-linked Turla group escalates its cyber espionage, deploying the TinyTurla-NG backdoor to breach European NGOs.

Cisco Talos has detailed a targeted intrusion into organizations that advocate for democracy and support Ukraine. Rather than defeating the antivirus engine, the operators sidestepped it by adding Microsoft Defender exclusions for the directory holding the backdoor, then used that foothold to exfiltrate sensitive data. Auditing antivirus exclusion lists for unexpected entries is a cheap check against this tradecraft. Stay vigilant and informed!

Over 800 npm packages found with manifest discrepancies.

At least 15 of them are exploitable for ‘Manifest Confusion’. The npm registry stores a package’s manifest (name, version, dependencies, scripts) separately from the package.json inside the published tarball and does not verify that the two agree, so tooling that trusts the registry manifest can miss a dependency or an install script that only the tarball declares. The finding underlines how much of the software supply chain rests on metadata that nobody cross-checks. Developers are urged to audit their npm dependencies now, comparing what the registry reports against what the tarball actually contains.
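The check that Manifest Confusion defeats is easy to reproduce yourself. The script below is an added example for this briefing, not code from the original page or from any npm tooling: it compares the fields an installer reads from the registry manifest with the package.json inside the tarball. The package name `example-widget`, its field values, and the tarball itself are constructed inline so the check runs offline; the registry manifest is a subset of the real per-version document.

```python
"""Manifest-confusion check: registry manifest vs. package.json in the tarball.

Added example, not code from the briefing or from npm. REGISTRY_MANIFEST and
the tarballs built below are constructed for illustration; 'example-widget'
and its dependencies are made up.
"""
import io
import json
import tarfile

# Fields an installer or scanner reads from the registry manifest. If any of
# them differs from the tarball, the registry view does not describe what npm
# will actually unpack and run.
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts")


def build_tarball(package_json: dict) -> bytes:
    """Build a minimal npm-style tarball (package/package.json) in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = json.dumps(package_json).encode()
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_tarball_manifest(tarball: bytes) -> dict:
    """Read package/package.json from the tarball, as npm does on install."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        try:
            member = tar.extractfile("package/package.json")
        except KeyError:
            member = None
        if member is None:
            raise ValueError("tarball has no package/package.json")
        return json.load(member)


def find_discrepancies(registry_manifest: dict, tarball: bytes) -> dict:
    """Return {field: (registry_value, tarball_value)} for each field that differs."""
    inner = read_tarball_manifest(tarball)
    diffs = {}
    for field in CHECKED_FIELDS:
        reg_val = registry_manifest.get(field)
        tar_val = inner.get(field)
        if reg_val != tar_val:
            diffs[field] = (reg_val, tar_val)
    return diffs


# Constructed sample: what the registry says about the package...
REGISTRY_MANIFEST = {
    "name": "example-widget",
    "version": "1.2.3",
    "dependencies": {"lodash": "^4.17.21"},
    "scripts": {"test": "jest"},
}

# ...what an honest publish puts in the tarball...
HONEST_PACKAGE_JSON = dict(REGISTRY_MANIFEST)

# ...and a confused publish: an extra dependency and an install hook that the
# registry manifest never mentions, so a scanner reading only the registry
# would not see them.
HIDDEN_PACKAGE_JSON = {
    "name": "example-widget",
    "version": "1.2.3",
    "dependencies": {"lodash": "^4.17.21", "evil-helper": "0.0.1"},
    "scripts": {"test": "jest", "postinstall": "node ./setup.js"},
}


def main() -> None:
    for label, pkg in (("honest", HONEST_PACKAGE_JSON), ("confused", HIDDEN_PACKAGE_JSON)):
        diffs = find_discrepancies(REGISTRY_MANIFEST, build_tarball(pkg))
        verdict = "OK" if not diffs else "MISMATCH in " + ", ".join(sorted(diffs))
        print(f"{label}: {verdict}")


if __name__ == "__main__":
    main()
```

To run this against a real package, fetch the per-version manifest from `https://registry.npmjs.org/<name>/<version>`, download the tarball from its `dist.tarball` field, and pass both to `find_discrepancies`. Any mismatch in `scripts` deserves immediate attention, because a hidden `preinstall` or `postinstall` runs with the installing user's privileges.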

AndroxGh0st Malware Alert!

AndroxGh0st is a Python-scripted malware that targets Laravel applications to steal cloud credentials. It scans for publicly reachable .env files and extracts the secrets they hold, including AWS and Twilio keys among others, for abuse or resale. Active since at least 2022, it gains its foothold by exploiting known, long-patched vulnerabilities in Apache HTTP Server (CVE-2021-41773), the Laravel framework (CVE-2018-15133) and PHPUnit (CVE-2017-9841). Keep those components patched, keep .env outside the web root, and rotate every credential that has ever sat in an exposed file.
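AndroxGh0st’s first move against a Laravel host is visible in the web server’s access log as requests for `.env` and for PHPUnit’s `eval-stdin.php`. The sweep below is an added example for this briefing, not code from any vendor report; it flags both probe types and separates successful `.env` retrievals from mere scanning. The log lines, addresses and timestamps are constructed for illustration and are not real indicators.

```python
"""Access-log sweep for AndroxGh0st-style probing of Laravel hosts.

Added example for this briefing, not code from any vendor report. It flags the
two behaviours described above: requests for an exposed .env file and attempts
to reach PHPUnit's eval-stdin.php. SAMPLE_LOG is constructed for illustration;
the addresses are documentation ranges, not real indicators.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Apache/nginx "combined" log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# /.env anywhere under the web root, optionally with a suffix such as .bak;
# does not match /env.js or /.environment.
ENV_RE = re.compile(r'^/(?:[^?]*/)?\.env(?:\.\w+)?(?:\?|$)')
# PHPUnit's eval-stdin.php, reachable only when vendor/ was deployed under the web root.
PHPUNIT_RE = re.compile(r'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php', re.I)

Finding = Tuple[str, str, str, int, str]  # ip, method, path, status, probe type


def classify(path: str) -> Optional[str]:
    """Name the probe type for a request path, or None if it looks benign."""
    if ENV_RE.match(path):
        return "env-file"
    if PHPUNIT_RE.search(path):
        return "phpunit-eval-stdin"
    return None


def scan(lines) -> List[Finding]:
    """Return one finding per suspicious request. A 403/404 still tells you who
    is scanning; a 200 on a .env probe means the secrets were actually served."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than abort mid-log
        kind = classify(m["path"])
        if kind:
            findings.append((m["ip"], m["method"], m["path"], int(m["status"]), kind))
    return findings


def exposed_env_hits(findings: List[Finding]) -> List[Finding]:
    """Probes that retrieved a .env file (HTTP 200): rotate every credential in it."""
    return [f for f in findings if f[4] == "env-file" and f[3] == 200]


def probe_counts(findings: List[Finding]) -> Dict[Tuple[str, str], int]:
    """Count probes per (client IP, probe type) for triage and blocking."""
    return dict(Counter((f[0], f[4]) for f in findings))


# Constructed sample log: one scanner that found an exposed .env and then tried
# PHPUnit, one that was denied, and two benign requests.
SAMPLE_LOG = [
    '203.0.113.10 - - [27/Mar/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [27/Mar/2024:10:01:03 +0000] "POST /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [27/Mar/2024:10:01:05 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2024:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2024:10:02:12 +0000] "GET /public/.env HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '192.0.2.55 - - [27/Mar/2024:10:03:00 +0000] "GET /static/env.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f"{f[0]:<14} {f[1]:<5} {f[3]} {f[4]:<20} {f[2]}")
    print("exposed .env hits:", len(exposed_env_hits(found)))
```

Run it over a real log with `scan(open("/var/log/apache2/access.log"))`. Any row in `exposed_env_hits` means the file was served and every secret in it must be rotated, not just the AWS keys. Blocking the path in the web server afterwards only hides the symptom; the durable fix is to keep `.env` outside the document root.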

The U.S. sanctions two Russians and their companies for their role in the “Doppelganger” disinformation campaign.

The operation targeted Western audiences with fake news sites and social media accounts designed to sow discord and spread disinformation. The sanctioned individuals were instrumental in creating over 60 counterfeit sites that impersonated legitimate news outlets. The action is a reminder that influence operations sit alongside intrusions in the threat picture.

GitHub launches an AI-powered tool, code scanning autofix.

It’s now in public beta for Advanced Security customers.

The feature is powered by GitHub Copilot and CodeQL, with OpenAI GPT-4 behind the suggestions. It covers more than 90% of alert types in JavaScript, TypeScript, Java and Python, and GitHub says the suggested fixes remediate more than two-thirds of the vulnerabilities found with little or no editing. Suggestions still need review before merging, as with any generated patch.

A new version of malware, DinodasRAT, targets Linux systems.

DinodasRAT is a multi-platform backdoor that steals information from the infected host and lets its operators control it remotely. The new version targets Red Hat-based distributions and Ubuntu. It periodically contacts a remote server over TCP or UDP to fetch commands, so the attackers can issue new instructions to the infected machine at any time. The backdoor can perform file operations, change its command-and-control (C2) addresses, and enumerate and terminate running processes.

Finland’s Parliament targeted in a cyberattack believed to have occurred between fall 2020 and early 2021.

Finland blames China’s APT31 hacking group. This is not the first cyberespionage accusation against APT31: the U.S. and U.K. have made similar accusations in the recent past. APT31 is a Chinese state-backed group that has been active for over a decade, and seven of its operatives have been charged in the U.S. for their involvement in hacking campaigns. China denies the allegations.

Cybercriminals adopt Darcula, a sophisticated phishing-as-a-service platform

Its users run large-scale phishing campaigns over iMessage and RCS instead of SMS, which bypasses the carriers’ SMS firewalls. Phishing sites built with Darcula imitate legitimate websites to trick victims into revealing personal information. Worst of all, Darcula is rented for a monthly fee, putting it within reach of a wide range of criminals.

India’s defense & energy sectors targeted in a cyberespionage campaign

The attackers used a malicious PDF disguised as an Indian Air Force invitation to gain access to victims’ systems. Once inside, the malware stole sensitive data and uploaded it to attacker-controlled Slack channels. Details of the malware are still emerging, but it is suspected to resemble GoStealer, a Go-based stealer used in an earlier phishing campaign. Likely targets of the theft include confidential documents, private emails and cached browser data.

Hackers actively exploiting an RCE vulnerability in Microsoft SharePoint Server.

CISA warns that the flaw, CVE-2023-24955, allows an authenticated attacker with Site Owner privileges to execute arbitrary code on the server, which amounts to complete control of a vulnerable SharePoint Server. The privilege requirement is less of a barrier than it sounds: the bug was demonstrated at Pwn2Own Vancouver 2023 chained with CVE-2023-29357, an authentication bypass that is itself in the KEV catalog. Microsoft patched the vulnerability in May 2023. CISA has now added it to its Known Exploited Vulnerabilities (KEV) catalog, which obliges U.S. federal civilian agencies to apply the patch by April 16, 2024. Anyone running Microsoft SharePoint Server should apply the patch as soon as possible and confirm that the authentication-bypass fix is in place as well.
