Newsletter For Third Week of February 2023

Malicious Google Ads Sneak AWS Phishing Sites Into Search Results

A new phishing campaign targeting Amazon Web Services (AWS) logins is abusing Google Ads to sneak phishing sites into Google Search results and steal login credentials. The malicious ads ranked second when searching for “aws,” right behind Amazon’s own promoted search result. The landing site uses ‘window.location.replace’ to automatically redirect the victim to a second website that hosts the fake AWS login page, made to appear authentic.

READ MORE

 

Hackers Breach Reddit To Steal Source Code And Internal Data
Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.

READ MORE

 

A10 Networks Confirms Data Breach After Play Ransomware Attack
The California-based networking hardware manufacturer ‘A10 Networks’ has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data. The company’s investigation determined that the threat actors managed to gain access to shared drives, deployed malware, and ‘compromised’ data related to human resources, finance, and legal functions.

READ MORE

 

Dota 2 Under Attack: Threat Actors Exploit a Chrome Flaw to Infect Gamers
Avast Threat Labs researchers found that the attackers had created four malicious Dota 2 game mods and published them on the Steam store to lure gamers. The attackers also included a new file named evil.lua in their attack, which was used to test server-side Lua execution and logging capabilities. The other method of infection involved the exploitation of a known vulnerability in Google’s V8 JavaScript and WebAssembly engine (CVE-2021-38003).

READ MORE

 

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges.

READ MORE

 

Russian Nodaria APT Adds Advanced Information Stealing Functionality
Symantec researchers found evidence that Graphiron’s origin dates back to October 2022 and that Nodaria has been using it much more often since. The malware is developed using Go version 1.18 and is capable of harvesting a wide range of information from the infected computer, including system information, credentials, screenshots, and files. It has additional features to run shell commands and to harvest SSH keys. Moreover, it communicates with the C2 server over port 443, and communications are encrypted using the AES cipher.

READ MORE

 

Android Mobile Devices From Top Vendors In China Have Pre-Installed Malware
The researchers used static and dynamic code analysis techniques to study the data transmitted by the preinstalled system apps on Android smartphones from three of the most popular vendors in China: Xiaomi, OnePlus, and Oppo Realme. The experts discovered several system, vendor and third-party apps with dangerous privileges.

READ MORE

Supply Chain Attack via New Malicious Python Packages by Malware Author Core1337
The FortiGuard Labs team recently discovered several new malicious packages on PyPI (the Python Package Index) by malware author ‘Core1337’, who published the following packages: ‘3m-promo-gen-api’, ‘Ai-Solver-gen’, ‘hypixel-coins’, ‘httpxrequesterv2’, and ‘httpxrequester’. These packages were published between January 27 and January 29, 2023. Each package had one version and an empty description, and all contained similar malicious code.

READ MORE
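As an added defender-side example (not from the FortiGuard write-up), the check below scans a requirements file for the five package names reported above, applying PEP 503 name normalisation so that spelling variants such as `Ai_Solver.gen` still match; the sample requirements content is constructed.

```python
import re

# Package names reported in the FortiGuard Labs write-up summarised above.
CORE1337_PACKAGES = [
    "3m-promo-gen-api",
    "Ai-Solver-gen",
    "hypixel-coins",
    "httpxrequesterv2",
    "httpxrequester",
]

def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' into '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

BLOCKLIST = {normalize(n) for n in CORE1337_PACKAGES}

# Captures the leading project name of a requirement line, e.g. "Ai_Solver.gen==1.0".
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def find_flagged(requirements_text: str) -> list[tuple[int, str]]:
    """Return (line_number, raw_name) for every requirement whose normalised
    name is on the blocklist. Blank lines, comments and pip options
    (-r, --extra-index-url, ...) are skipped; only exact normalised matches count."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        stripped = line.split("#", 1)[0].strip()
        if not stripped or stripped.startswith("-"):
            continue
        m = _REQ_NAME.match(stripped)
        if m and normalize(m.group(1)) in BLOCKLIST:
            hits.append((lineno, m.group(1)))
    return hits

# Constructed sample requirements file (not from the article): benign pins mixed
# with two of the reported names written in non-canonical spellings.
SAMPLE_REQUIREMENTS = """\
requests==2.28.2
# transitive helper pulled in by a colleague
Ai_Solver.gen==0.0.1
httpx==0.23.3
--extra-index-url https://example.invalid/simple
HTTPXREQUESTER
"""

if __name__ == "__main__":
    for lineno, name in find_flagged(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {name!r} matches a reported Core1337 package")
```

Note that the legitimate `httpx` pin is not flagged: the normalised names differ, so the look-alike does not cause a false positive.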

 

Android 14 To Block Malware From Abusing Sensitive Permissions
Google has announced the release of the first developer preview for Android 14, the next major version of the world’s most popular mobile operating system, which comes with security and privacy enhancements, among other things. A highlighted security feature in Android 14 is to block the installation of malicious apps that target older API levels (Android versions), which allows easier abuse of sensitive permissions.

READ MORE

 

QakNote Campaign Leverages OneNote to Infect Victims with QBot
QBot’s operators have started experimenting with a new distribution method that uses OneNote files to infect systems. This new malware campaign has been dubbed QakNote. Sophos researchers observed two parallel spam campaigns distributing malicious Microsoft OneNote attachments embedded with an HTML application (HTA file). They used the thread injection method, hijacking existing email threads and sending a reply-to-all message to their participants with a malicious OneNote notebook attached.

READ MORE

 

The TechLab Cyber Security Team, responsible for monitoring, identifying, detecting, protecting, isolating, responding and recovering based on current threats, provides 24x7x365 services. TechLab Security specializes in various security products, projects, network devices, end-user devices, and systems.

The TechLab Cyber Security Team Major Responsibilities Are:
• Monitor, Analyze, Correlate & Escalate Intrusion Events,
• Develop Appropriate Responses; Protect, Detect, Respond,
• Conduct Incident Management and Forensic Investigation,
• Maintain Security Community Relationships,
• Various Cyber Security Consulting Services such as Penetration Testing, Vulnerability Assessment, PCI-DSS Compliance and ISO27001 implementation and Audit compliances,
• Assist in Crisis Operations.