September 30, 2023

Welcome to TheCyberThrone's cybersecurity month in review, covering the important security happenings. This review is for the month ending March 2023.

Subscribers' favorite #1

CISA Debuts Decider Tool to Help with MITRE ATT&CK Mapping

Last month, the US CISA released a tool designed to help researchers, analysts and network defenders map threat actors' tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework. The Homeland Security Systems Engineering and Development Institute (HSSEDI) developed the Decider tool together with MITRE's ATT&CK team.

Decider is a web application that serves as a companion to the document Best Practices for MITRE ATT&CK Mapping. It helps cyber defenders map observed activity to the framework by walking them through guided questions about the adversary's behaviour.

Since CISA announced the initial edition of Best Practices for MITRE ATT&CK Mapping nearly two years ago, the ATT&CK framework has evolved, expanded, and improved its ability to support the cybersecurity community well beyond cyber threat intelligence alone.

To match these advances, the agency published a second edition of its mapping guide and debuted the Decider tool as a new accompaniment to it. The tool makes ATT&CK mappings easier for network defenders, analysts, and researchers to get right by walking users through the mapping process step by step.


Subscribers' favorite #2

Microsoft Outlook Patched Zero Day Vulnerability Details CVE-2023-23397

A critical zero-day vulnerability in the Microsoft Outlook/365 application suite is being actively abused in the wild and requires immediate patching. The vulnerability, tracked as CVE-2023-23397 with a CVSS score of 9.8, lets a remote, unauthenticated attacker breach the system by sending a specially crafted email that allows them to steal the recipient's credentials.

As Microsoft notes in its own guidance for the Microsoft 365 vulnerability: “[The email] triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.”

This Microsoft Outlook vulnerability affects both 32- and 64-bit versions of Microsoft 365 Apps for Enterprise. Office 2013, 2016, and 2019 (as well as LTSC) are also vulnerable. The attack is triggered by a malicious email that causes the victim's client to connect to a location under attacker control, leaking the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim.



Subscribers' favorite #3

IcedID Malware Shifting Focus to Ransomware

Researchers have spotted three new variants of the IcedID malware being used by multiple threat actors, with the code shifted away from banking trojan functionality toward ransomware delivery. One new version appears to come with a separate panel for managing the malware. While much of the code base is the same, the threat actors have removed banking functionality such as web injects and backconnect.

The first new variant, dubbed “IcedID Lite”, was distributed as a follow-on payload in a TA542 Emotet campaign. It was dropped by Emotet soon after the actor returned to the cybercrime landscape following a nearly four-month break.

Subscribers' favorite #4

HDFC Bank Suffers a Data Breach

A cyber-attack last month resulted in a data breach in which almost 30 GB of customer data allegedly belonging to HDB Financial Services was leaked online on a hacker forum. HDB Financial Services is the non-banking lending arm of private sector lender HDFC Bank. The data is estimated to contain around 73 million entries from the period between May 2022 and February 2023, according to two people who have seen the data dump.

The sample of the data contains consumer information pertaining to two categories of loans—consumer durable loans and two-wheeler loans. 


Subscribers' favorite #5

DotRunpeX – Malware Injector Spreads in Wild

Researchers have released a report about a new malware called dotRunpeX that is being developed to distribute various known malware families, such as BitRAT, Agent Tesla, and LokiBot.

DotRunpeX is a new injector written in .NET that uses the process hollowing technique to infect systems with a variety of known malware families. It has become a preferred tool for cybercriminals due to its ease of use and its ability to bypass security measures. It is second-stage malware in the infection chain, often delivered through phishing emails or malicious Google Ads.

This brings us to the end of this month's review of security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.
