End-of-Day report
Timeframe: Wednesday 14-08-2024 18:00 - Friday 16-08-2024 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Opinion: More layers in malware campaigns are not a sign of sophistication
Ten infection and protection layers to deploy malware sounds impressive and very hard to deal with. However, adding more layers counterintuitively does the opposite for antivirus evasion and is not a sign of sophistication. Why is that so?
https://www.gdatasoftware.com/blog/2024/08/37995-malware-sophistication
Ailurophile: New Infostealer sighted in the wild
We discovered a new stealer in the wild called "Ailurophile Stealer". The stealer is coded in PHP and the source code indicates potential Vietnamese origins. It is available for purchase through a subscription model via its own webpage. Through the ..
https://www.gdatasoftware.com/blog/2024/08/38005-ailurophile-infostealer
Tusk: unraveling a complex infostealer campaign
Kaspersky researchers discovered the Tusk campaign, with ongoing activity that uses the Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.
https://securelist.com/tusk-infostealers-campaign/113367/
PrestaShop GTAG Websocket Skimmer
During a recent investigation we uncovered another credit card skimmer leveraging a web socket connection to steal credit card details from an infected PrestaShop website. While PrestaShop is not the most popular eCommerce solution for online stores, it is still in the top 10 most common ecommerce platforms in use on the web, and clocks in at just ..
https://blog.sucuri.net/2024/08/prestashop-gtag-websocket-skimmer.html
Ransomware Attacks on Industrial Firms Surged in Q2 2024
Dragos has seen a significant increase in ransomware attacks on industrial organizations in Q2 2024 compared to the previous quarter.
https://www.securityweek.com/ransomware-attacks-on-industrial-firms-surged-in-q2-2024/
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
New infostealer targets macOS devices, appears to have Russian links
Researchers have discovered new information-stealing malware labeled Banshee Stealer that is designed to breach Apple computers.
https://therecord.media/apple-macos-infostealer-banshee-stealer
Iranian backed group steps up phishing campaigns against Israel, U.S.
Google's Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.
https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/
Ransomware Prevention Guide for Managed Service Providers
This comprehensive ransomware prevention guide outlines a strategic approach to preventing ransomware attacks, drawing upon industry best practices, compelling statistics, and expert insights.
https://www.emsisoft.com/en/blog/45911/ransomware-prevention-guide-for-managed-service-providers/
Hacking Beyond.com - Enumerating Private TLDs
My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL certificates that included the client name. In these certificates I identified that the client owned its own top-level domain (TLD). A TLD is the last part of a domain name, the letters that come after ..
https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds/
Vulnerabilities
Security updates for Friday
Security updates have been issued by Fedora (389-ds-base, dotnet8.0, python3.13, roundcubemail, thunderbird, and tor), Mageia (roundcubemail), Oracle (.NET 8.0, bind and bind-dyndb-ldap, bind9.16, container-tools:ol8, edk2, firefox, gnome-shell, grafana, httpd:2.4, jose, kernel, krb5, mod_auth_openidc:2.3, orc, poppler, python-urllib3, ..
https://lwn.net/Articles/985980/