Week 1, January 1-7, 2024

Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

A new variant of DLL search order hijacking is concerning because it bypasses the latest Windows 10 and 11 protections, potentially affecting millions of users. Similarly, the new Terrapin flaw can downgrade the security of SSH connections, which could let attackers intercept or alter sensitive data in transit. Users are also at risk from JinxLoader, which is actively delivering Formbook and XLoader malware to targeted individuals.

In terms of privacy and legal developments, Google has agreed to settle a $5 billion lawsuit over allegations of tracking users even in ‘Incognito Mode’, highlighting ongoing concerns over digital privacy. Meanwhile, the Department of Justice has imposed a hefty $10 million fine on XCast for a massive illegal robocall operation, a sign of increasing crackdowns on digital nuisances.

On the malware front, a new technique abusing a Google MultiLogin exploit allows malware to maintain access even after a password reset, and a concerning SMTP smuggling flaw has been discovered that lets attackers bypass email security checks and send spoofed emails. The UAC-0050 group has been found using sophisticated phishing tactics to distribute the Remcos RAT, and a new macOS backdoor, SpectralBlur, has been linked to North Korean hackers.

Other notable threats include a resurfaced variant of the Bandook RAT targeting Windows machines, and the Sea Turtle cyber espionage campaign, which is specifically targeting Dutch IT and telecom companies. Additionally, a pro-Iranian hacker group is targeting Albania with the destructive No-Justice wiper malware.

Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

Galah is a web honeypot tool that uses Large Language Models (LLMs), currently via the OpenAI API, to offer a different approach to cyber defense. Like the Australian parrot it’s named after, Galah mimics: it answers incoming HTTP requests with interesting, sometimes foolish, replies. Instead of the traditional approach of emulating specific web applications, it dynamically generates realistic-looking responses to keep potential attackers engaged. Initially crafted as a weekend project, Galah stands out for its innovative use of LLMs in cybersecurity, though it’s not designed for production environments because it can be identified fairly easily and its code has not been reviewed. Users are advised to apply caution and set usage limits on the API when deploying this tool.

EDRSilencer is a security tool designed to manage and control the outbound traffic of running Endpoint Detection and Response (EDR) processes on Windows systems. It leverages Windows Filtering Platform (WFP) APIs to identify active EDR processes and apply filters to block their external communications. Key features include searching for known EDR processes to block, adding and removing specific WFP filters, and support for command and control (C2) with in-memory PE execution modules. A unique aspect of EDRSilencer is its custom function to safely identify EDR processes without triggering access denials, enhancing its effectiveness. It currently supports a wide range of popular EDR solutions like Microsoft Defender, Elastic EDR, SentinelOne, and more, making it a versatile tool for managing EDR traffic in a controlled environment.
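From the defender's side, the technique described above leaves a trace: when "Filtering Platform Policy Change" auditing is enabled, every WFP filter that is added or modified produces Security log Event ID 5447. The script below is an added example, not part of EDRSilencer or this post; it scans constructed, simplified 5447-style records (the field names and the EDR process list are my assumptions, not the tool's) and flags new Block filters whose application condition points at a known EDR binary.

```python
import re
from dataclasses import dataclass

# Assumed executable names for the EDR products named in the post (my list, not the post's).
EDR_BINARIES = {"msmpeng.exe", "mssense.exe", "sentinelagent.exe", "elastic-endpoint.exe"}

# Constructed sample records in the shape of Security log Event ID 5447
# ("A Windows Filtering Platform filter has been changed"), flattened to one
# line each; the real event carries more fields and nests the app condition.
SAMPLE_EVENTS = [
    "EventID=5447 ChangeType=Add FilterName='Custom Outbound Filter' "
    "LayerName='Outbound Transport v4' Action='Block' ProviderName='' "
    "AppId='\\device\\harddiskvolume3\\program files\\windows defender\\msmpeng.exe'",
    "EventID=5447 ChangeType=Add FilterName='Custom Outbound Filter' "
    "LayerName='Outbound Transport v6' Action='Block' ProviderName='' "
    "AppId='\\device\\harddiskvolume3\\program files\\sentinelone\\sentinelagent.exe'",
    "EventID=5447 ChangeType=Add FilterName='Block Telnet' "
    "LayerName='Outbound Transport v4' Action='Block' ProviderName='Windows Firewall' "
    "AppId='\\device\\harddiskvolume3\\windows\\system32\\telnet.exe'",
    "EventID=5447 ChangeType=Add FilterName='Allow Defender' "
    "LayerName='Outbound Transport v4' Action='Permit' ProviderName='Windows Firewall' "
    "AppId='\\device\\harddiskvolume3\\program files\\windows defender\\msmpeng.exe'",
]

# key=value pairs; values are either single-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r"(\w+)=(?:'([^']*)'|(\S+))")

@dataclass
class Finding:
    filter_name: str
    layer: str
    binary: str

def parse_event(line: str) -> dict:
    """Split one flattened record into a field dictionary."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}

def is_edr_block(ev: dict) -> bool:
    """True for an added/modified Block filter whose app-id condition names an EDR binary."""
    if ev.get("EventID") != "5447" or ev.get("Action") != "Block":
        return False
    if ev.get("ChangeType") not in ("Add", "Modify"):
        return False
    binary = ev.get("AppId", "").rsplit("\\", 1)[-1].lower()
    return binary in EDR_BINARIES

def find_edr_blocking_filters(lines) -> list:
    """Return a Finding for every record that silences a known EDR process."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if is_edr_block(ev):
            binary = ev["AppId"].rsplit("\\", 1)[-1].lower()
            findings.append(Finding(ev["FilterName"], ev["LayerName"], binary))
    return findings

if __name__ == "__main__":
    for f in find_edr_blocking_filters(SAMPLE_EVENTS):
        print(f"ALERT: WFP block filter {f.filter_name!r} on {f.layer} targets {f.binary}")
```

Filters with an empty provider, as in the first two sample records, are a useful secondary signal: Windows Firewall rules normally carry a provider name, while filters added directly through the WFP API often do not.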

That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.
