By security practitioners, for security practitioners

Weekly Top 10 – 02.05.2024 – Homeland Security Employees Arrested, CISA Warns of iOS and macOS Actively Exploited Zero-Day Vulnerabilities, Brazilian Authorities Take Down Grandoreiro and more.

WEEKLY TOP TEN | February 5, 2024, 15:00 GMT

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ original ones we determined to be most significant during the course of the week, ranked by highest risk and drawing on multiple sources where available:

  1. Homeland Security Employees Arrested for Stealing the Data of Government Employees

    Three former US Department of Homeland Security (DHS) employees have been arrested and sentenced to prison for the theft of proprietary government software and federal employee information. All three individuals pleaded guilty to Attempts to Defraud the United States and Theft of Government Property charges.
  2. ZLoader Malware Resurfaces After Takedown by Microsoft

    In April of 2022, Microsoft dismantled the infrastructure of the ZLoader malware campaign. Recently, ZLoader has re-emerged with a new version, containing new features and defense-evasion methodology. The new version of ZLoader has been under development since September 2023 and has been modified to use RSA encryption and an updated randomized domain generation algorithm.
  3. US Government Disrupts Volt Typhoon Botnet

    Volt Typhoon is an APT group supported by the Chinese government. The FBI and DOJ have released a statement with limited information concerning a joint operation to disrupt a botnet linked to Volt Typhoon, which has been targeting critical infrastructure. Researchers have revealed that the White House has asked private companies within the cybersecurity space to track Volt Typhoon.
  4. CISA Warns of Actively Exploited Zero-Day Vulnerabilities in iOS and macOS

    The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability impacting all Apple-developed operating systems to its Known Exploited Vulnerabilities (KEV) list. This vulnerability (CVE-2022-048618, CVSS score 7.8) is an arbitrary file read, allowing files to be read without authentication. Apple has released patches for all impacted operating systems.
  5. Developer of Trickbot Sentenced to Five Years in Prison

    Apple has recently released patches for a new vulnerability impacting nearly all Apple devices, seemingly with the exclusion of only watchOS. The patched vulnerability (CVE-2024-23222) is a confusion issue in the WebKit browser engine that leads to remote code execution. Apple states that it is aware of reports of potential in-the-wild exploitation of this specific vulnerability. Patches have been released for all impacted devices.
  6. LockBit Ransoms a Non-Profit Children’s Hospital

    After renouncing their previous “honor among thieves” code, the LockBit ransomware gang stated they would no longer avoid targeting critical infrastructure or healthcare facilities; the impact of this has truly been felt as the gang ransomed a children’s hospital located in Boston. LockBit is asking for eight thousand dollars to decrypt the hospital’s files. The victim hospital has stated that no patient data has been stolen and that there has been no lapse in patient care due to this attack.
  7. Nitrogen Malware Distributed via Malicious Advertising

    Nitrogen is loader malware with various possible payloads, from infostealers to command-and-control frameworks. This malware has followed the booming trend of using malicious advertisements and compromised websites to deliver its executables to victim devices. These ads pose as legitimate software downloads, using sites compromised by threat actors and re-skinned to match the look of the imitated software. Because they are promoted through ads, these websites frequently appear at the top of web searches and enjoy widespread user trust.
  8. Brazilian Authorities Take Down Grandoreiro Banking Trojan

    Grandoreiro is a banking malware that has targeted Spanish-speaking countries for several years. The federal police of Brazil, with support from Interpol and the Spanish police, have arrested five individuals linked to Grandoreiro and conducted property seizures across several Brazilian cities. This malware was estimated to be responsible for $120,000,000 in theft and damages.
  9. Russian-Backed APT Midnight Blizzard Breached Microsoft Corporate Emails

    Microsoft reported a cybersecurity incident in which they claimed that Russian-affiliated threat actors known as Midnight Blizzard had compromised Microsoft corporate emails. The account accessed had limited administrative privileges over some Microsoft email accounts, including those of senior leadership. Midnight Blizzard was able to exfiltrate data from these emails, including legal and cybersecurity information.
  10. Vulnerabilities Discovered in Popular Security Driver

    The Panda Memory Access Driver is part of an EDR solution from Panda Security. Recently, several vulnerabilities have been discovered in this driver, enabling several types of attack, including registry modification, out-of-bounds reads, and arbitrary file reads. Patches have now been released in the latest versions of WatchGuard and Panda Dome.