Week 47, November 20-26, 2023

Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

NetSupport RAT Infections in Government and Business: Reports this week describe rising NetSupport RAT infections in government and business organisations. NetSupport Manager is a legitimate remote-administration product, so the binary alone is not a verdict; look for it arriving through phishing or fake update prompts, installed under unusual paths or under a renamed executable, and beaconing to infrastructure your organisation never licensed.

DarkGate and PikaBot Revive QakBot Tactics: Phishing campaigns delivering DarkGate and PikaBot are reusing techniques associated with QakBot, including hijacked email threads and similar delivery chains, in the months since QakBot's infrastructure was taken down in August 2023. The operators changed; the playbook, and the detections that catch it, did not.

LummaC2 Anti-Sandbox Technique: A new build of the LummaC2 information stealer delays detonation until it sees mouse movement that looks human. It samples cursor positions and applies trigonometry to the resulting movement vectors to tell a person from a sandbox that never moves the pointer or moves it mechanically. Sandboxes that simulate smooth, continuous cursor motion can pass the check.
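The check described above, as an added example that is not LummaC2's code and not part of the original post. It reconstructs the published idea: sample the cursor a few times, turn the samples into displacement vectors, and require every turn between consecutive vectors to stay below a threshold. The five-sample window and the 45-degree threshold are assumptions of this example, and the cursor traces are constructed; the last function shows the kind of trace a sandbox could feed the check to get past it.

```python
import math
from typing import List, Optional, Sequence, Tuple

Point = Tuple[float, float]

# Constructed cursor traces (x, y) sampled at a fixed interval.
IDLE_SANDBOX: List[Point] = [(100, 100)] * 5                 # cursor never moves
HUMAN_LIKE: List[Point] = [(100, 100), (110, 104), (121, 109), (130, 112), (142, 118)]
JERKY_SYNTHETIC: List[Point] = [(100, 100), (110, 100), (100, 110), (110, 120), (90, 120)]


def angle_between(v1: Point, v2: Point) -> Optional[float]:
    """Angle in degrees between two displacement vectors; None if either is zero-length."""
    n1, n2 = math.hypot(*v1), math.hypot(*v2)
    if n1 == 0 or n2 == 0:
        return None
    cos_theta = (v1[0] * v2[0] + v1[1] * v2[1]) / (n1 * n2)
    cos_theta = max(-1.0, min(1.0, cos_theta))  # keep float drift inside acos's domain
    return math.degrees(math.acos(cos_theta))


def looks_human(samples: Sequence[Point], max_turn_deg: float = 45.0) -> bool:
    """Heuristic: consecutive displacement vectors must all turn by less than max_turn_deg.

    A stationary cursor (zero-length vector) or a sharp turn fails the check.
    The threshold and the five-sample window are assumptions of this example.
    """
    if len(samples) < 3:
        return False
    vectors = [(b[0] - a[0], b[1] - a[1]) for a, b in zip(samples, samples[1:])]
    for v1, v2 in zip(vectors, vectors[1:]):
        turn = angle_between(v1, v2)
        if turn is None or turn >= max_turn_deg:
            return False
    return True


def smooth_path(start: Point = (100, 100), steps: int = 5) -> List[Point]:
    """What a sandbox could feed the check: a gently curving, always-moving trace."""
    return [(start[0] + 12 * i, start[1] + 4 * i + 0.5 * i * i) for i in range(steps)]


if __name__ == "__main__":
    for label, trace in [("idle", IDLE_SANDBOX), ("human", HUMAN_LIKE),
                         ("jerky", JERKY_SYNTHETIC), ("simulated", smooth_path())]:
        print(f"{label:10s} -> {'detonate' if looks_human(trace) else 'stay dormant'}")
```

The defensive takeaway is the last trace: the heuristic only asks that movement be continuous and gently curved, so an analysis environment that drives the pointer along a smooth path satisfies it without any knowledge of the sample.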

Randstorm Weakness in Old Bitcoin Wallets: Researchers disclosed "Randstorm", a weakness in the random number generation used by some browser-based Bitcoin wallet software between about 2011 and 2015. Keys generated with the affected code can be far less random than intended and may be recoverable; funds in wallets created in that window should be moved to a wallet generated with current software.

Prolonged Hack-for-Hire Espionage: An India-based hack-for-hire group has targeted organisations and individuals in the U.S., China, and other countries for more than a decade, according to researchers, a reminder that sustained espionage is not only a state activity.

Play Ransomware Sold as a Service: Play ransomware, previously run by a single closed group, is now being offered to affiliates as a service. Expect more operators and more varied initial access, while the shared tooling the affiliates receive means existing detections for the encryptor and ransom note carry over.

Agent Tesla in ZPAQ Archives: A new Agent Tesla campaign delivers the stealer in ZPAQ archives attached to email. ZPAQ is an uncommon format that most mail gateways and sandboxes do not unpack, so the attachment passes inspection while still opening for a user who has the right tool. Blocking or quarantining rarely used archive formats at the gateway is the practical countermeasure.

Kinsing Exploits Apache ActiveMQ to Drop Rootkits: The Kinsing cryptojacking group is exploiting CVE-2023-46604, a remote code execution flaw in Apache ActiveMQ, to deploy a Linux rootkit alongside its miner. Fixed versions are 5.15.16, 5.16.7, 5.17.6 and 5.18.3; an internet-exposed broker still on an older release should be investigated for compromise, not just patched.

Malicious Android Apps Targeting Indian Users: There has been a surge in malicious Android apps posing as banks and government agencies and aimed at users in India, typically delivered as APKs outside Google Play through phishing messages and used to harvest banking credentials and intercept SMS.

Mustang Panda Targets the Philippines: The China-aligned Mustang Panda group has been targeting Philippine government entities amid the South China Sea tensions, another example of cyber espionage tracking geopolitical flashpoints.

Fingerprint Sensor Flaws Bypass Windows Hello: Researchers demonstrated bypasses of Windows Hello fingerprint login on laptops from several vendors. The attacks need physical access and exploit the link between the sensor and the host rather than the fingerprint matching itself; in some cases Microsoft's Secure Device Connection Protocol, designed to protect exactly that link, was not enabled. Biometrics remain a strong factor only when the sensor channel is authenticated end to end.



Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

sub.Monitor is a fast, lightweight subdomain monitoring tool for continuous attack surface management. Its main appeal is simplicity: discovered subdomains are stored in a local SQLite database, so there is no MySQL or MongoDB instance to stand up before the first run, and the script is short enough that wiring in your preferred enumeration tools is a matter of a few lines. Each run compares fresh results against the database, saves anything new, and can export the data or push notifications to Telegram, Slack, or Discord so you learn about new hosts as they appear. A new name is only a lead, though; the value comes from triaging what the alert points at before an attacker does.
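The core loop of a monitor like this, as an added example written for this post rather than sub.Monitor's own code: normalise the enumeration output, insert into SQLite with the name as primary key, and treat every row that actually inserted as a new finding. The two enumeration runs are constructed; in practice they would come from whatever tools you plug in, and the alert text would go to a webhook.

```python
import sqlite3
from datetime import datetime, timezone
from typing import Iterable, List, Tuple

SCHEMA = """
CREATE TABLE IF NOT EXISTS subdomains (
    name       TEXT PRIMARY KEY,
    first_seen TEXT NOT NULL
)
"""

# Constructed enumeration results for two consecutive runs (in a real pipeline
# these would be the output of whatever subdomain tools you wire in).
RUN_1 = ["api.example.com", "WWW.example.com.", "dev.example.com", "dev.example.com"]
RUN_2 = ["api.example.com", "www.example.com", "dev.example.com", "staging.example.com"]


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the SQLite store; ':memory:' keeps the example self-contained."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'WWW.example.com.' == 'www.example.com'."""
    return name.strip().lower().rstrip(".")


def record_new(conn: sqlite3.Connection, found: Iterable[str]) -> List[str]:
    """Insert subdomains not yet stored and return the ones first seen in this run."""
    now = datetime.now(timezone.utc).isoformat()
    new: List[str] = []
    for raw in found:
        name = normalize(raw)
        if not name:
            continue
        # INSERT OR IGNORE leaves rowcount at 0 when the primary key already exists.
        cur = conn.execute(
            "INSERT OR IGNORE INTO subdomains (name, first_seen) VALUES (?, ?)", (name, now)
        )
        if cur.rowcount == 1:
            new.append(name)
    conn.commit()
    return sorted(new)


def format_alert(domain: str, new: List[str]) -> str:
    """Message body for a Telegram/Slack/Discord webhook (sending is left to the caller)."""
    if not new:
        return f"[{domain}] no new subdomains"
    return f"[{domain}] {len(new)} new subdomain(s):\n" + "\n".join(f"  + {n}" for n in new)


def export_all(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Dump the store as (name, first_seen) rows, e.g. for CSV export."""
    return list(conn.execute("SELECT name, first_seen FROM subdomains ORDER BY name"))


if __name__ == "__main__":
    db = open_db()
    for run in (RUN_1, RUN_2):
        print(format_alert("example.com", record_new(db, run)))
    print(export_all(db))
```

Using the primary key as the deduplication mechanism means the script never needs a separate "is this known?" query and cannot double-report a name that appears twice in one run.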

Crawlector is a threat-hunting framework for finding malicious content on websites. It combines web crawling with detection: it follows links up to two levels deep, runs Yara rules against fetched content, analyses TLS certificates, and checks URLs against the URLhaus database of known malicious URLs. It supports both online and offline scanning, extracts embedded objects for inspection, computes multiple hashes (SHA-256 and the similarity hash TLSH among them) for correlation with threat intelligence, resolves domains and retrieves Whois data, sends Slack notifications, and can save scanned pages for later review. Configuration lives in a single file and results are logged in CSV, which makes the output easy to feed into other tooling.
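The crawl-and-check skeleton such a tool is built on, as an added example that is not Crawlector's own code: breadth-first link following with a depth limit of two, a SHA-256 per fetched page, every discovered URL checked against a blocklist, and CSV rows at the end. The site content, the fetch function and the blocklist are all constructed here so it runs offline; the blocklist stands in for a URLhaus export and the Yara and certificate steps are omitted.

```python
import hashlib
from collections import deque
from html.parser import HTMLParser
from typing import Callable, Dict, List, Optional, Set, Tuple
from urllib.parse import urljoin

# Constructed in-memory site standing in for live HTTP fetches.
SITE: Dict[str, str] = {
    "https://example.test/": '<a href="/about">About</a> <a href="/downloads">Downloads</a>',
    "https://example.test/about": '<p>Hi</p><a href="/deep">Deep</a>'
                                  '<a href="http://bad.example.test/payload.exe">Update</a>',
    "https://example.test/downloads": "<p>nothing linked here</p>",
    "https://example.test/deep": '<a href="/deeper">Deeper</a>',
    "https://example.test/deeper": "<p>beyond the depth limit</p>",
}

# Constructed stand-in for a URLhaus export (known malicious URLs).
BLOCKLIST: Set[str] = {"http://bad.example.test/payload.exe"}


def fake_fetch(url: str) -> Optional[str]:
    """Return page HTML, or None when the URL is unreachable (not in the fake site)."""
    return SITE.get(url)


class LinkExtractor(HTMLParser):
    """Collect absolute hrefs from <a> tags, resolving relative links against the page URL."""

    def __init__(self, base: str) -> None:
        super().__init__()
        self.base = base
        self.links: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(urljoin(self.base, value))


def extract_links(html: str, base: str) -> List[str]:
    parser = LinkExtractor(base)
    parser.feed(html)
    return parser.links


def crawl(fetch: Callable[[str], Optional[str]], seed: str, max_depth: int = 2,
          blocklist: Set[str] = frozenset()) -> Tuple[List[dict], List[str]]:
    """Breadth-first crawl. Pages deeper than max_depth are never fetched, but every
    link seen on a fetched page is still checked against the blocklist."""
    seen = {seed}
    queue = deque([(seed, 0)])
    pages: List[dict] = []
    flagged: Set[str] = set()
    while queue:
        url, depth = queue.popleft()
        body = fetch(url)
        if body is None:
            continue
        pages.append({"url": url, "depth": depth,
                      "sha256": hashlib.sha256(body.encode("utf-8")).hexdigest()})
        for link in extract_links(body, url):
            if link in blocklist:
                flagged.add(link)
            if depth < max_depth and link not in seen:
                seen.add(link)
                queue.append((link, depth + 1))
    return pages, sorted(flagged)


def to_csv_rows(pages: List[dict]) -> List[str]:
    return ["url,depth,sha256"] + [f"{p['url']},{p['depth']},{p['sha256']}" for p in pages]


if __name__ == "__main__":
    found, bad = crawl(fake_fetch, "https://example.test/", max_depth=2, blocklist=BLOCKLIST)
    print("\n".join(to_csv_rows(found)))
    print("flagged:", bad)
```

Note the ordering of the two checks inside the loop: the blocklist lookup runs on every link regardless of depth, so a malicious URL linked from a depth-two page is still reported even though the crawler will not fetch it.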

LEAKEY is a bash script that checks whether leaked credentials are still valid. It is meant for confirming the authenticity and assessing the impact of leaked API tokens and keys during penetration tests, Red Team engagements, and bug hunting. Checks are driven by a JSON signature file at ~/.leakey/signatures.json; adding a new service is a matter of appending an entry to that file. The only dependency is jq. Installation is a curl of the install script, a chmod to make it executable, and running it; afterwards the tool is invoked with a single terminal command. One caveat: validating a leaked token means using it against the provider's API, which is an action on the token owner's account. Do this only within the scope of an authorised engagement, and report and revoke rather than keep testing.
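What a signature-driven validator of this kind does under the hood, as an added example written for this post rather than LEAKEY's code: load a JSON signature list, match each pattern against the leaked text, and for services that define a check, make one authenticated request and classify the token by the status code. The signature format, the leak sample and the tokens in it are all constructed and are not LEAKEY's schema; the validation endpoints named are the real GitHub and Stripe ones, but the transport is injectable so the example runs offline and only touches the network if you pass http_transport yourself.

```python
import json
import re
from typing import Callable, Dict, List
from urllib import error, request

# Constructed signature file (a format chosen for this example, not LEAKEY's own).
# 'validate' describes the authenticated request that proves a token is live;
# None means the service can only be identified, not checked this way.
SIGNATURES_JSON = json.dumps([
    {"name": "GitHub personal access token",
     "pattern": r"\bghp_[A-Za-z0-9]{36}\b",
     "validate": {"url": "https://api.github.com/user",
                  "headers": {"Authorization": "token {token}"}}},
    {"name": "Stripe live secret key",
     "pattern": r"\bsk_live_[0-9A-Za-z]{24,}\b",
     "validate": {"url": "https://api.stripe.com/v1/account",
                  "headers": {"Authorization": "Bearer {token}"}}},
    {"name": "AWS access key ID",
     "pattern": r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b",
     "validate": None},
])

# Constructed leak sample; the tokens are synthetic and merely follow the formats above.
LEAKED_TEXT = """
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
STRIPE_SECRET=sk_live_0123456789abcdefghijklmnop
aws_access_key_id = AKIAEXAMPLEKEY000000
"""

Transport = Callable[[str, Dict[str, str]], int]  # (url, headers) -> HTTP status code


def load_signatures(text: str) -> List[dict]:
    sigs = json.loads(text)
    for sig in sigs:
        sig["regex"] = re.compile(sig["pattern"])
    return sigs


def find_candidates(text: str, sigs: List[dict]) -> List[dict]:
    """Return every (service, token) pair the signatures match in the text."""
    hits = []
    for sig in sigs:
        for match in sig["regex"].finditer(text):
            hits.append({"service": sig["name"], "token": match.group(0), "validate": sig["validate"]})
    return hits


def http_transport(url: str, headers: Dict[str, str]) -> int:
    """Real transport: sends the request and returns the status. Use only on tokens you are authorised to test."""
    req = request.Request(url, headers=headers)
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status
    except error.HTTPError as exc:
        return exc.code


def validate(candidate: dict, transport: Transport) -> str:
    """'valid' on 2xx, 'invalid' on 401/403, 'unknown' otherwise, 'unverified' when no check is defined."""
    spec = candidate["validate"]
    if not spec:
        return "unverified"
    headers = {k: v.format(token=candidate["token"]) for k, v in spec["headers"].items()}
    status = transport(spec["url"], headers)
    if 200 <= status < 300:
        return "valid"
    if status in (401, 403):
        return "invalid"
    return "unknown"


def triage(text: str, sigs_json: str, transport: Transport) -> List[Dict[str, str]]:
    """Identify and classify every token in the text using the given transport."""
    sigs = load_signatures(sigs_json)
    return [{"service": c["service"], "token": c["token"], "status": validate(c, transport)}
            for c in find_candidates(text, sigs)]


if __name__ == "__main__":
    # Offline stand-in: pretend only the GitHub token is still live.
    offline = lambda url, headers: 200 if "github" in url else 401
    for row in triage(LEAKED_TEXT, SIGNATURES_JSON, offline):
        print(f"{row['status']:10s} {row['service']}: {row['token'][:12]}...")
```

Keeping the transport separate is what makes the tool safe to develop and test: the matching and classification logic is exercised with a stub, and the real request is an explicit choice made inside an authorised engagement.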



That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.


To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.
