Welcome to the weekly digest about the Cybersecurity & Threats in the wild. Below you will find a very subjective summary of Cybersecurity events for the prior week.
1. CrowdStrike Falcon Sensor Update: Worldwide Blue Screen of Death (BSOD) Incident Update – II by @CyfirmaR
- cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users
2. FLAME STEALER by @CyfirmaR
- malicious tool available for purchase on Discord & Telegram
- designed to steal Discord tokens, browser cookies & credentials, with numerous users utilizing the tool
https://www.cyfirma.com/research/flame-stealer/
3. Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android by @ESETresearch
- zero-day exploit that allows attackers to send malicious payloads disguised as video files to unpatched Telegram for Android (v10.14.4 and older)
4. The tap-estry of threats targeting Hamster Kombat players by @ESETresearch
- Android spyware Ratel pretending to be Hamster Kombat, distributed via Telegram
- for Windows, GitHub repos offering farm bots & auto clickers that actually contain Lumma Stealer cryptors
https://www.welivesecurity.com/en/eset-research/tap-estry-threats-targeting-hamster-kombat-players/
5. APT45: North Korea’s Digital Military Machine by @Mandiant
- APT45 & the activity clusters suspected of being linked to the group are strongly associated with a distinct genealogy of malware families, separate from peer North Korean operators like TEMP.Hermit & APT43
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
6. Vulnerabilities in LangChain Gen AI by #PaloAlto's #Unit42
- CVE-2023-46229
- CVE-2023-44467 (LangChain experimental)
- could have allowed attackers to execute arbitrary code and access sensitive data, respectively
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/
7. Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT by @esthreat
- multiple Gh0st RAT infections from a malicious installer masquerading as the Chrome browser
- initiated by Gh0stGambit, an evasive dropper used to retrieve & execute encrypted payloads
https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat
8. Phishing Campaign Targeting Mobile Users in India Using India Post Lures by #FORTIGUARD LABS
- iPhone users are targeted by smishing: an iMessage claims that a package is waiting at an India Post warehouse
Thanks a lot for reading.