Week 33, August 14-20, 2023

Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

The week brought a new remote access trojan, QwixxRAT, distributed through Telegram and Discord channels. In e-commerce, the ongoing Xurum campaign is exploiting a critical Magento 2 vulnerability against stores that have not applied the available fix, which makes prompt upgrading the priority for any unpatched shop. On the privacy front, India's government has stepped in to protect citizens with the new Digital Personal Data Protection Bill (DPDPB), putting users' privacy first. Researchers also warn that cybercriminals are abusing Cloudflare R2 object storage to host phishing pages behind a trusted domain, so an R2 hostname alone is no signal of legitimacy. Finally, Google introduced the first quantum-resilient FIDO2 security key implementation, a notable step toward authentication that survives a future quantum computer.



Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

The ARTful library targets the Android Runtime (ART) on Android 13 and 14 and gives developers a dynamic way to replace static methods of their own application or of the Android Framework. Method implementations that the application calls are swapped at runtime without any plaintext reference to an Android ClassLoader, so there is no static cross-reference between the caller and the replacement for a reverse engineer to follow. Removing those cross-references is what makes the library useful both as an anti-reverse-engineering measure and as a flexible hooking mechanism during Android development.

VED-eBPF is a kernel exploit and rootkit detection tool for Linux. It uses extended Berkeley Packet Filter (eBPF) programs attached to specific kernel functions to monitor the running kernel, so no kernel source modification or out-of-tree module is required. It has two main detectors. The first, wCFI (Control Flow Integrity), walks the kernel call stack and validates each saved return address against the set of known call sites; a return address that does not follow a call instruction indicates control-flow hijacking such as a ROP chain. The second, PSD (Privilege Escalation Detection), watches changes to kernel credential structures and flags a task that gains privileges outside a legitimate path, the classic signature of an exploit payload overwriting its own credentials. Security events extracted this way are forwarded for further analysis, giving runtime coverage of exploits and rootkits that have already reached kernel mode.
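As an added illustration (not VED-eBPF's own code), the following Python models the two checks over constructed events. The real tool reads stack frames and `struct cred` contents from eBPF probes; here the kernel text range, the call-site set, the credential values and the list of "legitimate" syscalls are assumptions hard-coded so the logic runs offline.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample data (assumed values, not real kernel addresses).
KERNEL_TEXT = (0xFFFFFFFF81000000, 0xFFFFFFFF82000000)  # assumed .text range
KNOWN_CALL_SITES = {                                      # addresses that follow a `call`
    0xFFFFFFFF81012345, 0xFFFFFFFF8104ABCD, 0xFFFFFFFF810C0DE0,
}


def check_wcfi(return_addrs: List[int]) -> List[int]:
    """wCFI-style check: every saved return address on the kernel stack must lie
    inside kernel text *and* be an instruction that follows a call. Anything
    else (a ROP gadget in the middle of a function, a heap or user-space
    address) is returned as an offending frame."""
    return [
        addr for addr in return_addrs
        if not (KERNEL_TEXT[0] <= addr < KERNEL_TEXT[1]) or addr not in KNOWN_CALL_SITES
    ]


@dataclass(frozen=True)
class Cred:
    uid: int
    euid: int
    cap_effective: int  # capability bitmask, as in struct cred


# Syscalls through which a task may legitimately end up with more privilege
# (assumed list for the model; a real policy would also check the binary).
LEGITIMATE_ELEVATION_PATHS = {"execve", "setuid", "setreuid", "setresuid", "capset"}


def check_psd(pid: int, comm: str, syscall: Optional[str],
              old: Cred, new: Cred) -> Optional[str]:
    """PSD-style check: compare the credentials a task had before and after a
    commit. Becoming euid 0, or gaining effective capabilities, outside a
    legitimate syscall is the signature of a payload doing the equivalent of
    commit_creds(prepare_kernel_cred(0)). Returns an alert string or None."""
    became_root = old.euid != 0 and new.euid == 0
    new_caps = new.cap_effective & ~old.cap_effective
    if (became_root or new_caps) and syscall not in LEGITIMATE_ELEVATION_PATHS:
        return (f"PSD: pid={pid} comm={comm} euid {old.euid}->{new.euid} "
                f"caps+=0x{new_caps:x} via {syscall or 'no syscall (kernel context)'}")
    return None


def run_demo() -> List[str]:
    """Feed constructed events through both detectors and collect the alerts."""
    alerts: List[str] = []
    clean_stack = [0xFFFFFFFF81012345, 0xFFFFFFFF8104ABCD]
    rop_stack = [0xFFFFFFFF81012345, 0xFFFFFFFF81C0FFEE, 0xFFFFFFFF8104ABCD]
    for frames in (clean_stack, rop_stack):
        bad = check_wcfi(frames)
        if bad:
            alerts.append("wCFI: unexpected return address(es) "
                          + ", ".join(hex(a) for a in bad))

    user = Cred(uid=1000, euid=1000, cap_effective=0)
    root = Cred(uid=0, euid=0, cap_effective=(1 << 41) - 1)  # assumed full cap set
    events = [
        (4242, "sudo", "execve", user, root),    # setuid binary: legitimate
        (4243, "exploit", None, user, root),     # cred overwrite from kernel context
    ]
    for ev in events:
        msg = check_psd(*ev)
        if msg:
            alerts.append(msg)
    return alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The `syscall` field is the weak point of any PSD-style rule: an exploit triggered from inside `setresuid` would pass this model, which is why the real tool also needs the wCFI check and a closer look at how the new credentials were constructed.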

Chimera Unlea$ed is an automated DLL sideloading tool with EDR (Endpoint Detection and Response) evasion features. DLL sideloading has legitimate uses, such as an application loading the libraries it ships with, but the same search-order behaviour lets an attacker place a malicious DLL where a trusted executable will load it and so run arbitrary code under that executable's name. Chimera automates building such a DLL and bundles several evasion techniques: the shellcode is XOR-encrypted automatically, template images are generated for the malicious DLL, and system calls are issued through SysWhispers2 dynamic syscalls with modified assembly to break known detection patterns. It also inserts random nop sleds, uses Early Bird injection, includes sandbox-evasion checks, and adds a timed delay before the shellcode executes so that short-lived analysis environments give up first. The project reports that this combination evades detection and successfully executes commands on targeted systems.
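XOR "encryption" of a payload hides it from byte-pattern signatures, but it is also the first thing an analyst undoes once a suspicious DLL is in hand. The added Python below (my example, not Chimera's code) shows the known-plaintext attack on repeating-key XOR: if the decrypted shellcode is expected to start with a recognisable prologue, every key byte covering that prologue falls out immediately. The six-byte prologue (`cld; and rsp,-0x10; call ...`) and the sample payload are constructed assumptions; substitute the prologue of whichever shellcode family you are hunting.

```python
from typing import Optional

# Assumed known plaintext: a common x64 stager prologue (constructed sample).
KNOWN_PROLOGUE = bytes.fromhex("fc4883e4f0e8")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same operation both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(blob: bytes, prologue: bytes = KNOWN_PROLOGUE,
                    min_confirm: int = 2) -> Optional[bytes]:
    """Known-plaintext attack on repeating-key XOR.

    For every i < len(prologue): key[i % L] = blob[i] ^ prologue[i].
    For each candidate length L we take the first L derived bytes as the key and
    require that it also reproduces the remaining prologue bytes. Lengths with
    fewer than `min_confirm` bytes left over to check are skipped, because such a
    "key" would match any input. The shortest confirmed key is returned, or None.
    """
    if len(blob) < len(prologue):
        return None
    derived = bytes(c ^ p for c, p in zip(blob, prologue))
    for length in range(1, len(prologue) - min_confirm + 1):
        key = derived[:length]
        if xor_bytes(prologue, key) == blob[:len(prologue)]:
            return key
    return None


def decrypt_payload(blob: bytes) -> Optional[bytes]:
    """Recover the key and return the plaintext payload, or None if no key fits."""
    key = recover_xor_key(blob)
    return None if key is None else xor_bytes(blob, key)


# Constructed sample payload: the assumed prologue followed by filler bytes.
SAMPLE_SHELLCODE = KNOWN_PROLOGUE + bytes(range(0x10, 0x40))

if __name__ == "__main__":
    for key in (b"\x5a", b"K3y", b"\x13\x37\xca\xfe"):
        encrypted = xor_bytes(SAMPLE_SHELLCODE, key)
        print(key.hex(), "->", (recover_xor_key(encrypted) or b"").hex())
```

The practical lesson for both sides: a static XOR key, of any length shorter than the recognisable prefix, costs a defender one loop of 256 iterations per key byte, so detection should look at the loader behaviour (the sleeps, the injection, the syscall stubs) rather than at the encrypted bytes, and evasion that relies on XOR alone buys nothing against an analyst.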



That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.


Related posts