Security Leftovers
-
Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure
The ‘LabRat’ cryptomining and proxyjacking operation relies on signature-based tools and stealthy cross-platform malware, and abuses TryCloudflare to hide its C&Cs.
-
Linux Malware: What To Know About the Malware Threat
Although Linux offers security advantages, users must remain vigilant against various forms of malware and cyberattacks.
-
A Deep Dive into CL0P Ransomware [Ed: Here too ransomware is predominantly a Windows problem, but this Microsoft-connected site tries to associate it with "Linux"]
"Variants of CL0p were initially only found on Windows systems, but the gang also developed a Linux variant toward the end of 2022, reflecting the diversity of endpoint operating systems used by modern businesses. In an interesting, flawed technical glitch, security researchers noted that the Linux version's encryption is easily reversible using a simple decryptor."
-
auDA denies breach claimed by NoEscape ransomware group
"auDA was alerted to an alleged data breach this afternoon," the organisation said in a statement.
-
In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 14, 2023.
-
Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins
Jenkins has announced patches for high and medium-severity vulnerabilities impacting several of the open source automation tool’s plugins.
-
Companies Respond to ‘Downfall’ Intel CPU Vulnerability
Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.
-
Federally Insured Credit Unions Required to Report Cyber Incidents Within 3 Days
The National Credit Union Administration is requiring all federally insured credit unions to report cyber incidents within 72 hours of discovery.
-
CISA Releases Cyber Defense Plan to Reduce RMM Software Risks
CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software.
-
Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
Exploitation of a Citrix ShareFile vulnerability tracked as CVE-2023-24489 has spiked as CISA added it to its ‘must patch’ catalog.
-
Researchers warn of new mass-spreading phishing campaign targeting Zimbra users
Security researchers at ESET s.r.o. today warned of a new mass-spreading phishing campaign actively targeting Zimbra account user credentials. First detected in April, the ongoing campaign is targeting a variety of small and medium businesses and governmental entities.
-
Cybersecurity company discovers phishing campaign that uses malicious QR codes
A cybersecurity company has detected a phishing campaign that uses malicious QR codes to try to steal organizations’ data. Cofense Inc., the Virginia-based email security provider that spotted the campaign, detailed its findings in a Wednesday blog post.
-
CISA warns that hackers are actively targeting Citrix’s ShareFile platform
The U.S. Cybersecurity and Infrastructure Security Agency has determined that hackers are actively launching cyberattacks against deployments of Citrix Systems Inc.’s ShareFile platform. According to CISA officials, the cyberattacks are exploiting a ShareFile vulnerability tracked as CVE-2023-24489 that was publicly detailed last month.