Start of the Week Cybersecurity Digest: 2 Sep 2024

Cicada 3301 Targets ESXI, Rocinante and Stealer Malware Analyzed

Author

Greg
September 02, 2024

The Cybersecurity Digest Newsletter

Date: 2 Sept 2024

Happy Monday Everyone! To those of you celebrating Labor Day, I hope you can enjoy your day off! Today’s Newsletter is in a new, more condensed format. I hope this format is more visually pleasing. Please let me know your thoughts by commenting on the website version for this newsletter!

I just want to take a moment to thank you all for the support. Today is also Monday, which means that our weekly podcast has released recapping the top stories from the past week. If you would like to check out the weekly podcast you can do so by clicking the link.

If this newsletter is helping you stay up to date, I ask that you please share it with your colleagues and friends, as it would really help continue to grow this platform.

**Please note that Blue Article Titles and gray boxes link directly to other articles or sources used. Additionally, if the background is too dark for text on mobile, try turning off your phones dark mode.

Notable News

Image generated with DALL-E

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

North Korean hackers exploited a Google Chrome zero-day flaw to deliver the FudModule rootkit, targeting cryptocurrency platforms.

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.

Recent Research

Image generated with DALL-E

Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages | InfoStealers

As of late August 2024, attackers have been using fraudulent "human verification" pages to trick users into executing a malicious PowerShell script. This blog post will explore the full attack vector, detailing how the malware is delivered, executed, and the indicators of compromise (IOCs) involved.

Scammers Use ScreenConnect to Defraud SSA Beneficiaries

Cyble Research and Intelligence Labs (CRIL) analyzes an ongoing campaign in which scammers are targeting US citizens by impersonating trusted platforms such as Zoom and the Social Security Administration (SSA).

Rocinante: The trojan horse that wanted to fly

New DTO malware appears in Brazil, posing as security updates and banking applications.

What Type of Social Engineering Targets Senior Officials - SOCRadar® Cyber Intelligence Inc.

Cybercriminals often utilize various social engineering tactics to manipulate and take advantage of human psychology to trick others into disclosing private

New Snake Keylogger Variant Slithers Into Phishing Campaigns

Beware of Snake Keylogger: a new variant targeting unsuspecting victims. Find out how it infiltrates systems and steals sensitive information.

Prevalent Patches

Image generated by DALL-E

Nothing New To Report

Since our last newsletter, there have been no new patches worth noting! Stay tuned, as I am sure there will be some by the next newsletter!

CISA Corner

Image generated by DALL-E

This was something that had come out prior to the last newsletter, however I had missed it.

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new CISA Services Portal for cyber incident reporting, enhancing functionality and security. This portal integrates with login.gov credentials and allows users to save, update, and share reports, as well as engage in informal discussions with CISA. The agency also released a voluntary cyber incident reporting resource to guide organizations on who should report incidents, why and when to report, and what and how to report. CISA encourages all organizations to use this streamlined portal to report cyber incidents, aiding in response and recovery efforts and helping prevent attackers from reusing techniques on other victims.

 

Conclusion:

Thank you for reading this edition of the Cybersecurity Digest Newsletter. If you enjoyed this newsletter, please share with someone you know who would benefit from this information.

I hope you enjoyed the new format!

Before you go here is a Dad Joke:


Why was the vegetable lonely?
It had no pear.

Until next time, Stay Secure!

Reply

or to participate.