Welcome to the weekly digest about cybersecurity and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.
1. Exploring the D3F@ck Malware-as-a-Service Loader by @esthreat
- the individual behind the orchestration of D3F@ck Loader, analysis of D3F@ck Loader samples, and an extensive list of indicators of compromise discovered during the hunting process
https://www.esentire.com/blog/exploring-the-d3f-ck-malware-as-a-service-loader
2. Beyond the wail: deconstructing the BANSHEE infostealer by @elasticseclabs
- targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat
https://www.elastic.co/security-labs/beyond-the-wail
3. CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz by @Threatlabz
- the vulnerability arises from a flaw in the override view functionality, which can be exploited by unauthenticated threat actors through maliciously crafted requests, leading to RCE
4. ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts by #PaloAlto's #Unit42
- compromise of GitHub repos that could lead to high-level access to cloud environments via abuse of GitHub Actions artifacts generated as part of CI/CD workflows
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
5. Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments by #PaloAlto's #Unit42
- leverages exposed environment variable files that contained sensitive variables such as credentials belonging to various applications
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
6. U.S. Water Structure's Vulnerability to Cyber Attacks by @CyfirmaR
- the key threats to water infrastructure, the potential consequences of cyberattacks, and the need for enhanced cybersecurity measures
https://www.cyfirma.com/research/u-s-water-structures-vulnerability-to-cyber-attacks/
7. A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers by #FORTIGUARD LABS
- multi-stage malware that can monitor and control the host and deploy arbitrary plugins to cause further damage
- heavy usage of shellcode to execute components directly in memory
https://www.fortinet.com/blog/threat-research/valleyrat-campaign-targeting-chinese-speakers
Thanks a lot for reading.