Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
Sky news a British news agency was about to get their hands on five internal reports for a secret offensive cyber unit of the Iranian government which is the Islamic Revolutionary Guard Corps. There were around 60 files and all the files were marked very confidential. The Iranian government is trying to improve its offensive cyber capabilities, including targeting industrial control systems (ICS).
Microsoft said in their technical write-up that the new malware is also capable of stealing credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity apart from its traditional bot and mining activities
Zhengyu Dong, Fyodor Yarochkin, and Steven Du researchers from Trend Micro said that this is the first time they have seen this APT group has been publicly observed in delivering the Android Trojan. This Trojan could read contacts, write to external storage, keep the device awake, access information about cellular and Wi-Fi networks, precise location
A report from Kaspersky has shown that there is a rise in the number of fake Windows 11 installers. Hackers are providing fake to the win11 installer promising the users for the new Windows 11 insider preview. These installers will then deliver malware and adware payloads onto the computer
Earlier this July the vulnerabilities in Kaseya were exploited to deliver malware. Kaseya has obtained the universal descriptor key from a third party. The cybersecurity company Emsisoft has tested the key and confirmed that it is working. The company is helping the affected customers to restore their work environment
The network equipment vendor has released firmware fixes for its DIR 3040 routers which have multiple vulnerabilities. A successful exploit can allow hackers to execute arbitrary code, gain access to sensitive information or even crash the device. The flaws were discovered by Cisco Talos researchers
Researchers from Cyble has discovered a new Android Malware campaign “Joker” which posed as a QR scanner to target android users. The authors keep modifying the malware to avoid play protecting detection
Earlier this week Instagram introduced a new security check-up feature. This allows users to keep their accounts safe and help users to recover their account. To gain access to the accounts the users will need to go through few security steps such as checking recent login activity, reviewing profile information and updating contact details etc.,
Microsoft has released fixes for 117 vulnerabilities for July 2021. Among 117, 13 are classified as critical and 103 as important, and 1 as moderate. 53% of the vulnerabilities are locally exploitable and 44% are remotely exploitable
A general investigation by experts at McAfee have detected a new technique used by hackers in a phishing campaign; macro-obfuscation, DDE, living off the land tools (LOLBAS), and even using legacy supported XLS formats to execute all the operations. The experts have identified the malware as ZeuS banking trojan
Lookout Threat lab security research has identified around 170 fake android applications from which 25 of them have been found in the play store. These apps scam people interested in investing in cryptocurrency. The hackers have managed to steal 350000 million dollars from 93000 users
Taking advantage of the cyberattack incident in Kaseya there is a rise in the number of email campaigns. The email claims to be a shipping order renewal with a link to Kaseya’s own website. When the user clicks the link, it is direct to a different server where the malicious file exists
Milum is the new Trojan by the APT group WildPressure which is targeting Windows and macOS. This trojan allows threat actors to gain remote access to the device which are compromised in the attack
The vulnerability was discovered by Ignacio Laurence, Vansh Devgan, and Shivam Kumar Singh with CyberXplore Private Limited. Windows has now rolled out updates that fix two security issues. One of being a security bypass vulnerability that, if exploited, could inject, and execute arbitrary code in the context of any website
The updated version of Google Scorecard produces a “Risk Score” for open-source software with improved checks and capabilities to make the data accessible for analysis. The update comes with features like, checks for contributions from malicious authors or compromised accounts that can introduce potential backdoors into code. Use of fuzzing (e.g., OSS-Fuzz), and static code analysis tools (e.g., CodeQL), signs of CI/CD compromise, and bad dependencies
On Thursday, Microsoft issued a warning against an RCE vulnerability (Printnightmare) affecting windows print spooler. Windows said that a successful exploit could allow attackers to run arbitrary code with system privileges and could install programs; view, change or delete data; or create new accounts with full user rights
