A week in security (September 30 – October 6)

Last week on Malwarebytes Labs, Malwarebytes renewed its pledge to fight stalkerware for National Cybersecurity Awareness (NCSA) and Domestic Violence Awareness Month. We also looked into what security orchestration is and reported on partnering with security firm HYAS to determine the relationship between Magecart Group 4 and Cobalt, the infamous APT group behind sophisticated, financially motivated attacks on financial institutions in Europe and Asia.

Other cybersecurity news

  • In an ingenious attempt to affect Internet users and bank on their interest in certain online topics, threat actors have found a way to let Google push out campaigns for them—for free—via Google Alert. (Source: SC Magazine UK)
  • News of SMS-based attacks is becoming more frequent compared to previous years. Security Research Labs (SRLabs) recently released a report containing findings on the true scale of the simjacking vulnerability and its potential damage against targets once exploited. (Source: Forbes)
  • According to a new study on consumer behavior, scammers find more success in luring victims in, engaging them, and stealing their money via ads in Internet marketplaces compared to robocalls. (Source: The Wall Street Journal)
  • Insikt Group, a collection of veteran threat researchers, pushed out a report on two threat actors who offer disinformation-as-a-service (DaaS) on Russian underground forums to understand how positive and negative disinformation is created and distributed on the Internet. (Source: Recorded Future)
  • The Media Trust discovered a new malware they dubbed GhostCat-3PC that targets known online publishers in the US and Europe. It is capable of slipping past conventional blockers to hijack mobile web sessions. (Source: The Media Trust)
  • Several hospitals in Victoria, Australia, were hit by a still unknown ransomware strain. (Source: The ABC Australia)
  • Microsoft announced that it will add 38 more file types to its lengthening block list in Outlook. Some of these are files associated with Python, PowerShell, Java, and digital certificates. (Source: Sophos’s Naked Security Blog)
  • The Adwind RAT, a piece of malware used against institutions in the retail and hospitality sectors, was found being actively used in campaigns against US organizations in the oil industry. The researchers also noticed a slight change in its behavior: Adwind now has more obfuscation capabilities. (Source: Netskope)
  • OpenDocument Text (ODT), a less mainstream document file type that can be opened by Microsoft Office and popular free open-source software, was found being used in recent attack campaigns to distribute malware. The targets of these campaigns were English- and Arabic-speaking users. (Source: Bleeping Computer)
  • The British government’s National Cyber Security Centre (NCSC) issued an alert about advanced persistent threat actors actively exploiting vulnerabilities in VPN products that are used worldwide. (Source: The National Cyber Security Centre)

Stay safe!