🚨 CISA KEV 1
9 Sep (KEV): CISA Adds Critical RocketMQ Bug to Must-Patch List
The CISA added CVE-2023-33246 to its Known Exploited Vulnerabilities Catalog. It means government agencies have until September 27 to apply a vendor patch to affected systems, although private enterprises are encouraged to follow suit.
INFOSECURITY-MAGAZINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 2
9 Sep: Multiple nation-state hackers targeted aerospace company, CISA says
submitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/aerospace-company-hacked-cisa-fbi-cybercom-alert
U.S. security agencies have reported that multiple nation-state hackers exploited two vulnerabilities to attack an undisclosed aerospace company this yea…
THERECORD.MEDIA
9 Sep: CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploiting CVE-2022-47966 and CVE-2022-42475
CISA, FBI, and CNMF confirmed that nation-state APT actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network.
CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 2
9 Sep: Active North Korean Campaign Targeting Security Researchers
A new campaign has been discovered with similarities to a previous campaign, including the use of social media sites to build rapport with targets. The threat actors then engage in encrypted messaging and send a malicious file with a 0-day exploit.
BLOG.GOOGLE
9 Sep: Notepad++ 8.5.7 Released With Fixes for Four Security Vulnerabilities
Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.
BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 1
9 Sep: Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to ca…
THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 3
9 Sep: Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate soft…
THEHACKERNEWS.COM
9 Sep: New Phishing Campaign Launched via Google Looker Studio
As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the legitimate tool itself.
SECURITYWEEK.COM
9 Sep: “Anyone get the ASN of the Truck that Hit Me?!”: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary], (Sat, Sep 9th)
[This is a Guest Diary by Chris Vucic, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU
🌐 CYBER THREAT LANDSCAPE 2
9 Sep: Weaponized Windows Installers Target Graphic Designers in Crypto Heist
Attackers execute malicious scripts through a feature of the installer called Custom Action, dropping several payloads, including the M3_Mini_Rat client stub backdoor, Ethereum mining malware PhoenixMiner, and multi-coin mining threat lolMiner.
DARKREADING.COM
9 Sep: Microsoft Teams phishing attack pushes DarkGate malware
A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. [...]
BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 3
9 Sep: DGA Behavior Shifts Raise Cybersecurity Concerns
Researchers at Akamai have unearthed a concerning shift in the behavior of dynamically seeded Domain Generation Algorithm (DGA) families within Domain Name System (DNS) traffic data.
INFOSECURITY-MAGAZINE.COM
9 Sep: UK and US Sanction 11 Russians Connected to Notorious Trickbot Group
The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.
THERECORD.MEDIA
9 Sep: Google rolls out Privacy Sandbox to use Chrome browsing history for ads
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user's interests from third-party cookies to the Chrome browser. [...]
BLEEPINGCOMPUTER.COM