ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Bad week
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint
Also: Gootloader Malware, GCHQ Intern Pleads Guilty, Check Point Breach UpdateThis week, a "Fast Flux" warning, Gootloader malware, an GCHQ intern pleaded guilty to stealing top secret data and Check Point undercuts hacking claim. Also, Google rolled out end-to-end encryption for some Gmail users, Apple backported patches and Dutch prosecutors cut internet access.
A PhaaS platform, dubbed 'Morphing Meerkat,' uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel
The APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity.
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. [...]
Akamai says it reported the flaws to Microsoft. Redmond shrugged A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.…
Starting in September 2022, the 'Roaming Mantis' credential theft and malware distribution campaign was observed using a new version of the Wroba.o/XLoader Android malware that incorporates a function for detecting specific WiFi routers and changing their DNS. [...]
Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies. [...]