Cyber security weekly recap (01-06 Nov)


Chinese hackers are deploying LODEINFO malware in a new, stealthy chain of infections.

Attacks against Japanese organizations from the Chinese state-sponsored threat actor Stone Panda have been spotted using a new covert infection chain.

Kaspersky has released a report claiming that Japanese media, diplomatic, government, and public sector institutions, as well as think tanks, are all potential targets.

Cyber espionage group Stone Panda (also known as APT10, Bronze Riverside, Cicada, and Potassium) is notorious for its breaches into strategically significant government and military targets. There is evidence that this threat actor has been operating since at least 2009.

Between March and June 2022, a new wave of assaults was spotted using spear-phishing emails to spread malicious files, including a fake Microsoft Word document and an SFX file in RAR format that, when opened, would execute a backdoor program known as LODEINFO.

Microsoft Azure’s Cosmos DB Is Vulnerable to the Critical Remote Code Execution Flaw Known as “CosMiss”.

On Tuesday, Microsoft announced that they have patched a vulnerability in Jupyter Notebooks for Azure Cosmos DB that allowed remote users to read and write data.

Researchers Lidor Ben Shitrit and Roee Sagi from Orca Security found that an attacker could gain access to a notebook without authentication if they knew the Notebook’s “forwardingId”, the UUID of the Notebook’s workspace. This granted read and write access, as well as the ability to modify the file system of the container running the notebook.

The tech giant stated it had fixed the CosMiss flaw globally on October 6, 2022, following the disclosure. Customers not using Jupyter notebooks were not subject to this issue.

Security Flaw Allows Unauthorized Access to 130 GitHub Code Repositories through Dropbox

On Tuesday, Dropbox, a service that stores and syncs files, said that 130 of its GitHub projects had been compromised by a phishing attempt.

A few thousand names and email addresses belonging to Dropbox employees, present and previous customers, sales prospects, and suppliers were compromised as a consequence of the incident.

Dropbox did note, however, that the repositories did not include any code for the company’s essential applications or infrastructure.

As of August 2022, Dropbox has over 17.37 million paid subscribers and 700 million registered users. Dropbox’s features include cloud storage, data backup, and document signing.

The RomCom RAT Is Being Distributed by Hackers through Corrupted Versions of KeePass and SolarWinds

The criminals behind the RomCom RAT have updated their tactics once again, this time spreading fake versions of popular programs such as SolarWinds Network Performance Monitor, KeePass, and PDF Reader Pro via compromised websites.

Victims in Ukraine and in a few English-speaking countries, including the United Kingdom, are the operation’s targets.

Trojanized versions of Advanced IP Scanner and pdfFiller have been found being used as droppers by the unknown threat actor, who is also responsible for spreading the implant.

The most recent variant of the campaign involves creating phony websites with near-identical domain names, hosting a trojanized installation package there, and sending phishing emails to unsuspecting users that point to it.

Developers were targeted with 29 malicious PyPI packages infected with the W4SP Stealer.

Researchers in the field of cybersecurity have identified 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, designed to infect developers’ workstations with malware known as W4SP Stealer.

According to a study by software supply chain security firm Phylum, the main attack appears to have begun around October 12, 2022, gradually picking up pace to a concentrated effort around October 22.

Some of the libraries (like twyne and colorsama) have been downloaded over 5,700 times thanks to typosquatting.

Phylum predicts that additional malware like this will emerge since this is a continuous campaign with constantly changing methods from a motivated adversary.
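As an added defensive example, not code from the article or from Phylum's research, the check below flags dependency names that sit within a small edit distance of well-known PyPI packages, the pattern behind the twyne and colorsama names cited above. The allow-list and the requirements lines are constructed for the demo.

```python
"""Flag likely typosquats in a list of dependency names.

Added example, not from the original article. Each requested package
name is compared against a small constructed allow-list of well-known
PyPI names; any near miss (edit distance 1 or 2) that is not itself on
the list is reported together with the name it most resembles.
"""
import re

# Constructed allow-list for the example; a real check would use a
# curated list of the packages an organisation actually depends on.
KNOWN_PACKAGES = {"twine", "colorama", "requests", "urllib3", "setuptools"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of [-_.] to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def suspicious_packages(requirements: list[str], max_distance: int = 2) -> dict[str, str]:
    """Map each requested name that looks like a typosquat to the known
    package it most resembles. Exact matches to known names are ignored."""
    flagged = {}
    known = {normalize(k): k for k in KNOWN_PACKAGES}
    for line in requirements:
        # Strip version specifiers / extras: 'colorsama>=0.4' -> 'colorsama'
        name = normalize(re.split(r"[\[<>=!~; ]", line.strip(), maxsplit=1)[0])
        if not name or name in known:
            continue
        best = min(known, key=lambda k: levenshtein(name, k))
        if levenshtein(name, best) <= max_distance:
            flagged[name] = known[best]
    return flagged


if __name__ == "__main__":
    # Constructed requirements.txt contents for the demo.
    reqs = ["twyne==4.0.1", "colorsama", "requests>=2.28", "numpy"]
    print(suspicious_packages(reqs))  # {'twyne': 'twine', 'colorsama': 'colorama'}
```

A hit is a prompt to verify the package on PyPI before installing, not proof of malice; legitimate forks and short names will also land within distance 2 of popular packages.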

Hackers are targeting publicly disclosed zero-day vulnerabilities, a report by Microsoft reveals.

Microsoft has issued a warning about the growing use of publicly disclosed zero-day vulnerabilities by both nation-state and criminal actors.

In the 114-page report, the tech giant highlighted the need to swiftly patch known security flaws.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
