This Week in CyberSecurity: Aug 28 – Sep 01

Written by Andrew Doyle

September 1, 2023

This Week in CyberSecurity: Aug 28 – Sep 01

Android Trojan MMRat Exploits Accessibility Feature for Remote Financial Fraud

The Android banking trojan known as MMRat has emerged as a significant threat, primarily targeting users in Southeast Asia since late June 2023. This trojan, operating inconspicuously under the package name, has garnered attention for its capability to manipulate… Read more

Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents

A cyber espionage campaign has been attributed to a hacking group referred to as Earth Estries. This group has been targeting government and technology sectors in various countries, including the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. Notably, Earth Estries demonstrates a high level of sophistication in its operations, leveraging extensive resources and expertise in cyber espionage and… Read more

Hackers Leverage Brute Force Attacks on Cisco VPNs for Network Breaches

Hackers are turning their focus towards exploiting security vulnerabilities within Cisco Adaptive Security Appliance (ASA) SSL VPNs. The attacks, employing tactics like credential stuffing and brute-force techniques, have identified a gap in defense strategies… Read more

Malicious Python Packages in PyPI Repository Traced Back to North Korean Hackers

ReversingLabs, a leading security research firm, unearthed three new malicious Python packages within the widely used Package Index (PyPI) repository. The campaign, identified as VMConnect, is suspected to be orchestrated by North Korean state-sponsored threat actors. The malevolent packages in question are dubbed tablediter, request-plus, and requestspro. VMConnect, originally disclosed earlier… Read more

Cybercriminals Target VMware Aria Operations Networks Exploiting Critical Vulnerability

VMware has recently issued crucial software updates to rectify security vulnerabilities identified within Aria Operations for Networks. These vulnerabilities bear the potential to be exploited for circumventing authentication protocols and gaining unauthorized remote code execution. The first flaw, designated as CVE-2023-34039 with a CVSS score of 9.8, stems from an instance of authentication bypass attributed to the… Read more

Malicious Rust Libraries Detected Transmitting OS Information to Telegram

A series of malicious packages has come to light in the Rust programming language’s crate registry, signaling yet another instance of software supply chain attacks targeting developers. The reported discovery points to a timeline spanning August 14 to 16, 2023, during which “amaperf,” an identified user, uploaded these libraries. This incident raises concerns about the security of the software supply chain, as the said packages—namely… Read more

Chinese APT Group Targets Government, Military, and Telecom Sectors with Barracuda Zero-Day Exploit

A hacking group with ties to China has capitalized on a recently exposed zero-day vulnerability in Barracuda Networks Email Security Gateway (ESG) devices, effectively breaching critical sectors including government, military, defense, aerospace, high-tech industry, and telecommunications.

The operation, monitored by Mandiant and codenamed UNC4841, portrays the threat actor as highly adaptive to defensive measures, demonstrating the ability to adjust tactics to ensure continuous access to targeted systems. Read more

Microsoft Issues Advisory on AI-Enhanced Phishing-as-a-Service Attacks

Microsoft has issued a warning about a surge in adversary-in-the-middle (AiTM) phishing tactics, aligning with the burgeoning trend of phishing-as-a-service (PhaaS). This trend has also found its way into established phishing services such as PerSwaysion, which are now incorporating AiTM functionalities. AiTM-equipped phishing kits operate through two distinct approaches. The first involves… Read more

Upgraded KmsdBot Malware Targets IoT Devices with Advanced Features

KmsdBot, a botnet malware, has set its sights on a new frontier – Internet of Things (IoT) devices. In a detailed analysis presented by Akamai security researcher Larry W. Cashdollar, it was revealed that the updated binary of KmsdBot now boasts enhanced features, including Telnet scanning capabilities and compatibility with an expanded array of CPU architectures. Read more

Critical Vulnerability in Citrix NetScaler Exploited by Ransomware Groups

Unpatched Citrix NetScaler systems exposed to the online sphere have fallen prey to targeted actions initiated by unidentified threat actors, suggesting a probable ransomware incursion. Cybersecurity firm Sophos is diligently monitoring the pattern of activities, attributing them to the STAC4663 cluster. These incidents are characterized by an intricate chain of attack, centering on the exploitation of CVE-2023-3519, a high-severity code injection vulnerability that… Read more

Rhysida Gang Claims Prospect Medical Ransomware Attack

In a recent turn of events, the Rhysida ransomware group has come forward as the orchestrator of the extensive cyber assault on Prospect Medical Holdings. The breach, which transpired on August 3rd, has sent shockwaves through the healthcare industry. Initial findings suggest that the attackers managed to gain unauthorized access to sensitive information, including 500,000 social security numbers, crucial corporate files, and… Read more

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!