Weekly Cybersecurity Wrap-up 4/23/23

This is my weekly post containing the progress and learning that I worked on in the past week. Most of my week was spent working on internal training that my company offers. So less listed here this week.

Webinars

  • None this week.

Articles

  • Hackers can breach networks using data on resold corporate routers – Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to obtain customer information.
  • Decoy Dog malware toolkit found after analyzing 70 billion DNS queries – Decoy Dog helps threat actors evade standard detection methods through strategic domain aging and DNS query dribbling, aiming to establish a good reputation with security vendors before switching to facilitating cybercrime operations.
  • Google ads push BumbleBee malware used by ransomware gangs – Bumblebee is a malware loader discovered in April 2022, thought to have been developed by the Conti team as a replacement for the BazarLoader backdoor, used for gaining initial access to networks and conducting ransomware attacks.
  • Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach – Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application.
  • TP-Link Archer WiFi router flaw exploited by Mirai malware – The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms.
  • Hackers are breaking into AT&T email accounts to steal cryptocurrency – AT&T says cyber criminals exploited an API issue to take control of victims’ email addresses
  • Hackers Leaked Minneapolis Students’ Psychological Reports, Allegations of Abuse – In a hacking episode that is spiraling from bad to worse, cyber criminals have leaked highly sensitive documents related to droves of Minneapolis students.
  • Ukrainian arrested for selling data of 300M people to Russians – The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and sensitive information of over 300 million people, citizens of Ukraine, and various European countries.
  • New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets – Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer.
  • Major UK banks including Lloyds, Halifax, TSB hit by outages – Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland have experienced web and mobile app outages today leaving customers unable to access their account balances and information.
  • Israel’s Prime Minister has his Facebook account hijacked, website knocked offline – the Facebook account of Israel’s Prime Minister was hijacked (albeit briefly) by unauthorized parties who managed to update it with a video of prayers at a mosque, accompanied by Arabic verses from the Quran.

Podcasts

Projects

  • TryHackMe – SOC Level 1 – Network Security and Traffic Analysis – I started working in the Snort room this week.