Welcome to the 15th edition of the Cyber Weekly Digest of 2024.
Coming in live from Nusa Lembongan, Bali this week (humble brag). However, cyber security stops for no (wo)man so here I am, sipping on my cold coconut, listening to the ocean and bringing you this week's hottest cyber news.

New and noteworthy this week:

SentinelOne announces that Purple AI is here and now generally available! Unlike anything else on the market, the world's most advanced cybersecurity AI from SentinelOne can turn your organisation's data into its strongest defense. Learn how Purple AI makes threat hunting and investigations 80% faster, and much, much more, here

API security is a top agenda item in 2024 for tech leaders worldwide, but in a market brimming with options, finding the right fit for your organisation can feel like looking for a needle in a haystack. This eBook from Cequence outlines the 10 indispensable features your API security solution must include, ensuring your defenses are impenetrable without putting the brakes on development.

Has the rapid adoption of BYOD left your organisation vulnerable, with compliance and security often overlooked? Read ThreatAware's latest blog, by Head of Security Jon Tamplin, to discover why BYOD security should go hand in hand with compliance standards, and what steps organisations can take to bridge the gap and safeguard their digital assets.

Last but not least...
CultureAI's Lead Security Researcher, John Scott, shares his stance on whether to enact legal bans on ransomware payments. You can read his reasons for feeling it's impractical and why, instead, we should focus on a multi-layered defence with an emphasis on security hygiene practices, in Computer Weekly here

Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.

This week LastPass revealed how they were targeted with a deepfake, we heard about a ransomware cyber attack on a Japanese optics giant, and how hackers are stealing data from e-commerce websites.

Keep reading to stay up to date on the latest cyber security news.

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet FortiGuard Labs said in a technical report. The modus operandi is notable for the use of the BatCloak malware obfuscation engine and ScrubCrypt to deliver the malware in the form of obfuscated batch scripts. BatCloak, offered for sale to other threat actors since late 2022, has its foundations in another tool called Jlaive. Its primary function is to load a next-stage payload in a manner that circumvents traditional detection mechanisms.
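An SVG image attachment has no legitimate need for scripting or external loads, which is what makes the vector above detectable at the mail gateway. The following is an added triage example written for this digest, not code from FortiGuard or the campaign; the flagged constructs and the sample files are constructed assumptions, not indicators from the report.

```python
"""Triage an SVG e-mail attachment for active content (constructed example)."""
import xml.etree.ElementTree as ET

# Constructs a plain vector image does not need (assumed policy, not an exhaustive list)
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
EVENT_ATTR_PREFIX = "on"            # onload=, onclick=, onbegin=, ...
LINK_ATTRS = {"href", "{http://www.w3.org/1999/xlink}href"}
RISKY_SCHEMES = ("javascript:", "http://", "https://", "data:")


def _local(tag: str) -> str:
    """Strip the XML namespace prefix from an element or attribute name."""
    return tag.rsplit("}", 1)[-1]


def triage_svg(data: bytes) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A mail attachment that claims to be SVG but will not parse deserves a look too
        return [f"unparseable svg: {exc}"]
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"active element <{name}>")
        for attr, value in el.attrib.items():
            if _local(attr).lower().startswith(EVENT_ATTR_PREFIX):
                findings.append(f"event handler {_local(attr)} on <{name}>")
            if attr in LINK_ATTRS and value.strip().lower().startswith(RISKY_SCHEMES):
                findings.append(f"external or scripted link on <{name}>: {value[:40]}")
    return findings


# Constructed samples: a benign icon and a lure-style file carrying an event handler and a script element
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
LURE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="go()">'
        b'<script>/* constructed placeholder, not real malware */</script></svg>')

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("lure", LURE)):
        print(label, triage_svg(blob) or "clean")
```

For untrusted attachments in production, parse with `defusedxml` instead of the standard library parser so entity-expansion tricks cannot exhaust the scanner.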

A threat actor tracked as TA547 has targeted dozens of German organisations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. "Additionally, the actor appeared to use a PowerShell script that researchers suspect was generated by a large language model (LLM)." TA547 is a prolific, financially motivated threat actor that's known to be active since at least November 2017, using email phishing lures to deliver a variety of Android and Windows malware such as ZLoader, Gootkit, DanaBot, Ursnif, and even Adhubllka ransomware. In recent years, the group has evolved into an initial access broker (IAB) for ransomware attacks. It has also been observed employing geofencing tricks to restrict payloads to specific regions.

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. However, while 25% of people have been on the receiving end of an AI voice impersonation scam or know someone who has, according to a recent global study, the LastPass employee didn't fall for it because the attacker used WhatsApp, which is a very uncommon business channel. "In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp," LastPass intelligence analyst Mike Kosak said.

A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. Hoya is a Japanese company specializing in optical instruments, medical equipment, and electronic components. It operates 160 offices and subsidiaries in more than 30 countries and a network of 43 laboratories worldwide. A week ago, the firm disclosed a cyberattack that impacted production and order processing, with several of its business divisions experiencing IT outages.

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of security updates released on February 13, 2024. Sansec said it discovered a "cleverly crafted layout template in the database" that's being used to automatically inject malicious code to execute arbitrary commands. "Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands," the company said.