This is my weekly post containing the progress and learning that I worked on in the past week. Most of my week was spent working on internal training that my company offers. So less listed here this week.

Webinars

• None this week.

Articles

• Hackers can breach networks using data on resold corporate routers – Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to obtain customer information.
• Decoy Dog malware toolkit found after analyzing 70 billion DNS queries – Decoy Dog helps threat actors evade standard detection methods through strategic domain aging and DNS query dribbling, aiming to establish a good reputation with security vendors before switching to facilitating cybercrime operations.
• Google ads push BumbleBee malware used by ransomware gangs – Bumblebee is a malware loader discovered in April 2022, thought to have been developed by the Conti team as a replacement for the BazarLoader backdoor, used for gaining initial access to networks and conducting ransomware attacks.
• Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach – Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application.
• TP-Link Archer WiFi router flaw exploited by Mirai malware – The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms.
• Hackers are breaking into AT&T email accounts to steal cryptocurrency – AT&T says cyber criminals exploited an API issue to take control of victims’ email addresses
• Hackers Leaked Minneapolis Students’ Psychological Reports, Allegations of Abuse – In a hacking episode that is spiraling from bad to worse, cyber criminals have leaked highly sensitive documents related to droves of Minneapolis students.
• Ukrainian arrested for selling data of 300M people to Russians – The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and sensitive information of over 300 million people, citizens of Ukraine, and various European countries.
• New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets – Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer.
• Major UK banks including Lloyds, Halifax, TSB hit by outages – Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland have experienced web and mobile app outages today leaving customers unable to access their account balances and information.
• Israel’s Prime Minister has his Facebook account hijacked, website knocked offline – the Facebook account of Israel’s Prime Minister was hijacked (albeit briefly) by unauthorized parties who managed to update it with a video of prayers at a mosque, accompanied by Arabic verses from the Quran.

Podcasts

• Security Now 919 – Forced Entry

Projects

• TryHackMe – SOC Level 1 – Network Security and Traffic Analysis – I started working in the Snort room this week.

It’s a thing officially. PentestGPT is a penetration testing tool powered by ChatGPT designed to automate the penetration testing process.

You are the CTO of a company. You need to make the right decisions to protect the company. Good luck!

• Play the game

Test your knowledge about the cyberspace domain and learn about U.S. Military cyberdefense.

• Start the game.

In this interactive video based game you are a CISO for a hospital and need to make decisions to protect this hospital from cyber attack. Think choose your own adventure video game. I really enjoyed this way of learning and I think you will too. Good luck.

• Game description
• Game

Webinars

• Zero Trust Metrics: Track Progress and Program Maturity – The CISA Zero Trust Maturity Model is filled with concepts and language appropriate for federal agencies, but it doesn’t always translate to the private sector, and certainly not to smaller, less-mature mid-market organizations.
• (ISC)2 Los Angeles Chapter Meeting

Articles

• Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration – Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks.
• LockBit ransomware encryptors found targeting Mac devices – The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS.
• NCR suffers Aloha POS outage after BlackCat ransomware attack – NCR is suffering an outage on its Aloha point of sale platform after being hit by an ransomware attack claimed by the BlackCat/ALPHV gang.
• Western Digital Hackers Demand 8-Figure Ransom Payment for Data – Western Digital has yet to comment on claims that the breach reported earlier this month led to data being stolen.
• Hackers abuse Google Command and Control red team tool in attacks – The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company.
• Army helicopter crash blamed on skipped software patch – The emergency ditching of an Australian military helicopter in the water just off a beach in New South Wales, has been blamed on the failure to apply a software patch.
• Lazarus hackers now push Linux malware via fake job offers – A new Lazarus campaign considered part of “Operation DreamJob” has been discovered targeting Linux users with malware for the first time.
• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones – Fitness apps such as Strava leak sensitive location information of users, even when they’ve used in-app features to specifically set up privacy zones to hide their activity within specified areas, researchers have found.
• March 2023 broke ransomware attack records with 459 incidents – March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.
• Major US CFPB Data Breach Caused by Employee – The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.
• American Bar Association data breach hits 1.4 million members – The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.

Podcasts

• Security Now 917: Zombie Software
• Smashing Security 317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
• Security Now 918: A Dangerous Interpretation
• Smashing Security 318: Tesla workers spy on drivers, and Operation Fox Hunt scams

Projects

TryHackMe – Finished Open CTI and MISP rooms as part of the SOC Analyst learning path, which completes the cyber threat intelligence section. Next is network security and traffic!

These two terms are used interchangeably from most of what I see out there, thats why I’ve put them together like this in the title. I know people have strong feelings about this, but the reason I do this is to make sure every who is looking for this information can find it easily.

For those who follow this blog you will notice that I usually post all articles / white papers in my weekly wrap-up post. I’m posting this separately because I think it deserves its own post. This is a very comprehensive article by Byte Breach. I encourage anyone interested to read and work through this article. Good luck all!