Cybersecurity Wiretap #14: From CrowdStrike Falcon Sensor Update to EvilVideo with Focus on Vulnerabilities in LangChain Gen AI (week of 07/22/2024)

Welcome to the weekly digest about cybersecurity & threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.

1. CrowdStrike Falcon Sensor Update: Worldwide Blue Screen of Death (BSOD) Incident Update – II by @CyfirmaR

  • cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users

https://www.cyfirma.com/research/crowdstrike-falcon-sensor-update-worldwide-blue-screen-of-death-bsod-incident-update-ii/

2. FLAME STEALER by @CyfirmaR

  • malicious tool available for purchase on Discord & Telegram
  • designed to steal Discord tokens, browser cookies & credentials, with numerous users utilizing the tool

https://www.cyfirma.com/research/flame-stealer/

3. Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android by @ESETresearch

  • zero-day exploit that allows attackers to send malicious payloads as video files in unpatched Telegram for Android (v10.14.4 and older)

https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/

4. The tap-estry of threats targeting Hamster Kombat players by @ESETresearch

  • Android spyware Ratel pretending to be Hamster Kombat, distributed via Telegram
  • for Windows, GitHub repos offering farm bots & auto clickers that actually contain Lumma Stealer cryptors

https://www.welivesecurity.com/en/eset-research/tap-estry-threats-targeting-hamster-kombat-players/

5. APT45: North Korea’s Digital Military Machine by @Mandiant

  • APT45 & activity clusters suspected of being linked to the group are strongly associated with a distinct genealogy of malware families, separate from peer North Korean operators like TEMP.Hermit & APT43

https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine

6. Vulnerabilities in LangChain Gen AI by #PaloAlto’s #Unit42

  • CVE-2023-46229
  • CVE-2023-44467 (LangChain experimental)
  • could have allowed attackers to execute arbitrary code and access sensitive data, respectively

https://unit42.paloaltonetworks.com/langchain-vulnerabilities/

7. Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT by @esthreat

  • multiple Gh0st RAT infections from a malicious installer masquerading as the Chrome browser
  • initiated by Gh0stGambit, an evasive dropper used to retrieve & execute encrypted payloads

https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat

8. Phishing Campaign Targeting Mobile Users in India Using India Post Lures by #FORTIGUARD LABS

  • iPhone users are being targeted by smishing attacks: iMessages sent to iPhone users claim that a package is waiting at an India Post warehouse

https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-mobile-users-in-india-using-india-post-lures

Thanks a lot for reading.
