Cyber Hub

This week, security researchers shared a research report on a new phishing campaign that abuses the legitimate Adobe Acrobat Sign service to distribute the Redline info stealer. In addition, security researchers identified a new campaign of the Emotet malware, which now distributes using Microsoft OneNote files.

Over the past week, Fortinet issued fixes to address several security flaws, including one critical vulnerability affecting FortiOS and FortiProxy.

This past week, researchers discovered a new info stealer post-exploitation framework used by attackers - named Exfiltrator-22. Moreover, researchers observed the first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems – named BlackLotus. Furthermore, security researchers reported the MqsTTang, a new backdoor using by the Mustang Panda APT group that allows threat actors to execute arbitrary code and get output. In addition, security researchers shared a research report on a sophisticated cloud operation known as SCARLETEEL, which specifically targets public-facing web apps running in containers. Finally, researchers discovered a variant of the PlugX remote access trojan abusing an open-source debugging tool to evade detection, and eventually compromising systems and obtaining a foothold.

This week, security researchers shared a research report on several malware campaigns that abuse the popularity surrounding the AI-based Chat-GPT to infect users and steal sensitive information. Furthermore, researchers shed some light on Mylobot – a new malware that aims to turn Windows systems into proxies to conceal cybercriminal activity. The IcedID malware was also observed using URL files and WebDAV as a new infection technique. Researchers have also discovered an unknown threat actor using a Discord-based campaign featuring the PureCrypter downloader, to deliver a secondary payload of various types of malwares. Finally, researchers have discovered a new info stealer named Stealc.

This week, researchers shared their analysis of the MortalKombat ransomware and the Laplas Clipper malware. Furthermore, security researchers shared a research report on a recently discovered ransomware strain called CatB, which encrypts Windows machines worldwide.

Over the past week, OpenSSL fixed eight vulnerabilities in its applications that could lead to an application crash, disclose memory contents, or even recover plaintext messages sent over a network.

Over the past week, Atlassian reported a critical vulnerability in its Jira Service Management Server and Data Center, which allows an unauthenticated attacker to impersonate other users and access the systems.

This week, researchers shared a full-coverage report regarding a GootLoader variant, GOOTLOADER.POWERSHELL. Researchers also this week uncovered a new Python-based Remote Access Trojan (RAT) named PY#RATION, abusing WebSockets to carry out its malicious activities and avoid detection.

Over the past week, researchers have shared findings indicating that the QBot malware leveraged an unpatched vulnerability to bypass Windows OS Mark-of-the-Web (MoTW) security features in a recent phishing campaign. Furthermore, security researchers reported the use of polyglot MSI/JAR and CAB/JAR files to distribute StrRAT and Ratty. Finally, researchers have uncovered a cyber espionage campaign believed to have been carried out by a China-based group. The group is suspected of exploiting a zero-day vulnerability in Fortinet's FortiOS SSL-VPN - known as CVE-2022-42475 - for distributing a new malware backdoor.

This week, security researchers observed the Gootloader malware using a new infection technique that ended up distributing Cobalt Strike payloads. Furthermore, security researchers spotted a RAT campaign using polyglot MSI/JAR and CAB/JAR files to evade detection from security tools. Lastly, cybersecurity researchers released a report on a new stealer called Rhadamanthys, being sold using a Malware as a Service (MaaS) model, which distributed its malicious payloads via Google Ads and spam email to eventually gain unauthorized access to corporate networks.