December 3, 2023


Welcome to the TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, March 25th, 2023.

1. DotRunpeX – Malware Injector Spreads in Wild

Researchers have released a report about a new malware called dotRunpeX that is being developed to distribute various known malware families, such as BitRAT, Agent Tesla, and LokiBot. DotRunpeX is a new injector written in .NET that uses the Process Hollowing technique to infect systems with a variety of known malware families. It has become a preferred tool for cybercriminals due to its ease of use and its ability to bypass security measures. It is a second-stage malware in the infection chain, often delivered through phishing emails or malicious Google Ads.


2. Mispadu Banking Trojan

Researchers discovered a banking trojan called Mispadu, which is being used in several spam campaigns targeting victims in Latin America – Chile, Mexico, Peru, and Portugal. The findings, which show 90,518 credentials stolen from a total of 17,595 unique websites, include several government websites: 105 in Chile, 431 in Mexico and 265 in Peru.

The upgraded version of the Mispadu banking Trojan comes with a new backdoor written in Rust that still bypasses endpoint protection tools, but the infection rate is low.

3. New Decryptor for Conti Ransomware Released

A new version of a decryption tool for the Conti ransomware has been published by Kaspersky researchers, based on previously leaked source code for the Conti ransomware. Earlier last year, the source code of the Conti ransomware operation was released by researchers in protest of the conflict. Based on that leak, an unknown ransomware group started distributing a modified version of the Conti ransomware in attacks.

Last month, Kaspersky researchers uncovered a new portion of leaked data published on forums and noticed the presence of 258 private keys. The leak also included source code and some pre-compiled decryptors, which allowed the researchers to release a new version of the public decryptor.

4. Killnet Targets Healthcare Azure Resources

The Russia-based threat actor Killnet has been observed targeting healthcare applications hosted on Microsoft Azure infrastructure for over three months. Microsoft published the details of the new campaign in an advisory last week. The Azure Network Security Team said it saw between 10 and 20 attacks per day in November 2022 and between 40 and 60 daily attacks in February 2023.


5. NBA suffers a Data Breach – Third Party Provider Data Stolen

The National Basketball Association (NBA) is the latest organization to suffer a data breach, with data stolen following the hack of a third-party newsletter service provider. The association has started informing affected fans, describing the data theft as an “incident”. The data stolen from the unnamed third-party provider included names and email addresses but did not include usernames, passwords, or other PII.


6. Trigona Ransomware Dissection

Researchers have discovered a new ransomware family that has been highly active over the past several months. The threat actor, known as Trigona, targets organizations in agriculture, construction, finance, high tech, manufacturing, and marketing in Australia, Italy, France, Germany, New Zealand, and the United States.

What sets Trigona apart from other file-encrypting ransomware is its use of a .hta ransom note containing JavaScript that displays payment instructions to the victim, including unique victim identifiers, a link to a Tor portal for negotiating with the attackers, and an email address.
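The three note elements described above (a victim identifier, a Tor link and a contact email, all embedded in script inside an .hta file) make a simple triage heuristic for responders sorting through dropped files. The script below is an added example written for this review, not code from the original post or from any vendor report; the sample .hta content, the .onion name and the email address are constructed placeholders, and the regular expressions are the author's own assumptions about how such a note is laid out rather than signatures for any specific sample.

```python
import re
from dataclasses import dataclass, field
from pathlib import Path

# Constructed sample, NOT a real Trigona note: an HTA file whose script block
# carries the three elements the write-up describes (victim identifier,
# Tor negotiation link, contact email). The .onion name and email are placeholders.
SAMPLE_HTA = """<html><head><HTA:APPLICATION id="note"></head>
<body><script>
var victim_id = "VICTIM-ID-PLACEHOLDER-0000";
var portal = "http://exampleexampleexampleexampleexampleexampleexampleexample.onion/";
var contact = "contact@example.invalid";
document.write("Your files are encrypted. Contact " + contact);
</script></body></html>"""

# Constructed benign HTA for comparison: it has a script, but none of the note elements.
BENIGN_HTA = """<html><head><HTA:APPLICATION id="app"></head>
<body><script>document.write("Hello");</script></body></html>"""

# v2 onion names are 16 base32 characters, v3 names are 56; accept that range.
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# A quoted token of 8+ characters assigned to a variable whose name ends in id/key/uid
# (assumed layout, not a signature).
ID_RE = re.compile(r"""(?:id|key|uid)\w*\s*[=:]\s*["']([A-Za-z0-9_-]{8,})["']""", re.IGNORECASE)


@dataclass
class NoteIndicators:
    has_script: bool
    onion_links: list = field(default_factory=list)
    emails: list = field(default_factory=list)
    identifiers: list = field(default_factory=list)


def analyze_hta(text: str) -> NoteIndicators:
    """Extract the ransom-note indicators described in the write-up from HTA content."""
    return NoteIndicators(
        has_script="<script" in text.lower(),
        onion_links=sorted(set(ONION_RE.findall(text))),
        emails=sorted(set(EMAIL_RE.findall(text))),
        identifiers=sorted(set(ID_RE.findall(text))),
    )


def is_suspected_ransom_note(text: str) -> bool:
    """Flag HTA content whose script embeds a Tor link next to an identifier or email."""
    ind = analyze_hta(text)
    return ind.has_script and bool(ind.onion_links) and bool(ind.emails or ind.identifiers)


def scan_directory(root: str) -> list:
    """Return the paths of .hta files under root that match the heuristic."""
    hits = []
    for path in Path(root).rglob("*.hta"):
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if is_suspected_ransom_note(text):
            hits.append(str(path))
    return hits


if __name__ == "__main__":
    for name, content in (("sample", SAMPLE_HTA), ("benign", BENIGN_HTA)):
        print(name, is_suspected_ransom_note(content), analyze_hta(content))
```

The heuristic requires all three of script content, a Tor link, and either an identifier or an email before it flags a file, which keeps ordinary HTA applications out of the hit list; `scan_directory` applies it across a tree of recovered files so the flagged notes can be pulled for the negotiation portal and contact details they contain.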

This brings us to the end of this week's review of security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.
