Welcome to the weekly digest about the Cybersecurity & Threats in the wild. Below you will find a very subjective summary of Cybersecurity events for the prior week.
1. Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling by @TalosSecurity
- several malicious email campaigns over past months that disguise JavaScript code within HTML email attachments
2. Introducing a New Vulnerability Class: False File Immutability by @elasticseclabs
- a vulnerability of this class in the Windows 11 kernel can be exploited to achieve arbitrary code execution with kernel privileges
https://www.elastic.co/security-labs/false-file-immutability
3. MoonWalk: A deep dive into the updated arsenal of APT41 | P2 by @Threatlabz
- shares DodgeBox dev toolkit
- employs Google Drive as a C2 channel to blend in with legitimate network traffic and uses Windows Fibers to evade AV/EDR security solutions
https://www.zscaler.com/blogs/security-research/moonwalk-deep-dive-updated-arsenal-apt41-part-2
4. DodgeBox: A deep dive into the updated arsenal of APT41 | P1 by @Threatlabz
- incorporates various evasive techniques such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
5. Fake Microsoft Teams for Mac delivers Atomic Stealer by @Malwarebytes
- each click is profiled to ensure only real people proceed, followed by a cloaking domain (voipfaqs[.]com) that separates the initial redirect from the malicious landing page (teamsbusiness[.]org)
6. Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs by @ReversingLabs
- obfuscated downloaders inserted into legitimate PE binaries using Intermediate Language (IL) weaving, a .NET programming technique for modifying an app's code after compilation
7. Threat Actors Actively Exploiting CVE-2024-24919: Underground Forums Share IP Addresses of Vulnerable Check Point Security Gateway Devices by @CyfirmaR
- search engine shows ~16,035 results related to the purportedly affected Check Point SVN Foundation
8. Braodo Info Stealer Targeting Vietnam and Abroad by @CyfirmaR
- Utilizes GitHub and a Singapore-based VPS server for hosting and distributing malicious code.
- VPS server’s ASN/IPs also host non-functional sites resembling Vietnam government sites.
https://www.cyfirma.com/research/braodo-info-stealer-targeting-vietnam-and-abroad/
9. PHP CGI Argument Injection (CVE-2024-4577) - Vulnerability Analysis and Exploitation by @CyfirmaR
- critical vulnerability leading to remote code execution
- if left unpatched, it could enable attackers to gain unauthorized access to and control over affected servers
10. THE GHOST IN THE MACHINE: STEALTHY FILELESS MALWARE IN THE WINDOWS REGISTRY by @Securonix ThreatResearch
- by injecting code into the registry, attackers have the malware parsed and executed directly inside a running application when the registry key is read by the system or an application
Thanks a lot for reading.