Week 40, October 2-8, 2023

Week 40, October 2-8, 2023. Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

API security is a top concern, as insecure APIs pose a silent threat across many industries.

Cyberattacks such as the Silent Skimmer campaign, which targets online payment businesses, have been on the rise for a year.

Additionally, vulnerabilities like OpenRefine’s Zip Slip could allow attackers to execute malicious code, highlighting the importance of patching.

New threats like BunnyLoader, a malware-as-a-service, have emerged in the underground cybercrime scene, while Zanubis Android Banking Trojan disguises itself as a Peruvian government app to target users.

Organizations must stay vigilant as Qualcomm releases patches for actively exploited zero-days, and the PyTorch models vulnerability poses a risk of remote code execution.

In the software development world, over three dozen data-stealing malicious npm packages have been found, targeting developers’ systems.

Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

Metlo is an open-source API security platform designed to enhance the security of your APIs quickly and efficiently. It’s a versatile tool that can be set up in less than 15 minutes and offers a range of features, including real-time API attack detection and automatic blocking of malicious actors. Metlo also helps you create an inventory of your API endpoints and sensitive data, allowing you to proactively test your APIs before deploying them into production. There are multiple ways to get started with Metlo, including Metlo Cloud for seamless scalability, Metlo Self Hosted for larger organizations or air-gapped systems, and an Open Source option with deployment instructions for various platforms. With features like endpoint discovery, sensitive data scanning, attack detection, and comprehensive security testing, Metlo empowers businesses to secure their APIs effectively in an era where API security breaches are on the rise. Plus, it offers the flexibility of self-hosting and getting started for free.

Spraycharles is a specialized tool designed for low-and-slow password spraying, particularly suited to long-term campaigns. It helps identify weak passwords by attempting logins with a specified list of usernames and passwords at a controlled pace. Key features include real-time detection of successful logins, interval-based submissions, and customizable settings for the number of login attempts, interval times, and more. It supports various modules tailored to different target systems such as Office365 and SMB. Spraycharles also offers utilities for generating custom password lists and extracting domain information from NTLM over HTTP and SMB services. Additionally, it provides a results analyzer to identify successful logins from the generated CSV files. Overall, Spraycharles is a versatile tool for conducting controlled and efficient password spraying attacks.

Electron_shell is a tool aimed at creating a more covert Remote Access Trojan (RAT) by leveraging the features of Electron, a popular framework for building desktop applications, to enable command injection, combined with remote control methods. It supports macOS, Linux, and Windows, and can target a wide range of Electron-based desktop applications, such as QQ, Microsoft Teams, Discord, GitHub Desktop, and more. By executing malicious operations within trusted programs, it aims to bypass Network Access Control policies and evade detection by antivirus software such as Windows Defender and Avast. Electron_shell exploits the trust associated with well-known applications to conceal its activities, offering remote control through a Command and Control (C2) server. However, it is important to note the legal risks of injecting malicious behavior into trusted applications, as users may unwittingly encounter unexpected activity from programs they trust.

That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.
