
Welcome to TheCyberThrone cybersecurity month in review, covering the important security happenings. This review is for the month ending June 2023.
Subscribers favorite #1
American and Southwest Airlines suffer a data breach
A third-party vendor associated with American Airlines and Southwest Airlines experienced a data breach.
Pilot Credentials, which manages the pilot and cadet hiring and recruitment portal for several airlines, had a cybersecurity incident involving some data files. Southwest also confirmed that none of its networks or systems were affected. It notified former applicants whose personal information was involved in the breach and is providing them with complimentary credit monitoring services.
Subscribers favorite #2
Malware Dropper Based on A JavaScript
Researchers have provided details of a new strain of JavaScript-based dropper that delivers two forms of malware onto victims’ systems. Dubbed PindOS after a user-agent string of the same name in the code, the dropper contains comments in Russian and delivers Bumblebee and IcedID malware.
Bumblebee, a malware loader associated with the Conti ransomware group, was discovered in March 2022 and acts as a primary vector for multiple types of other malware, including ransomware. IcedID is modular banking malware designed to steal financial information that has been around since 2017.
The researchers pointed to the sophistication of the threat actor. The PindOS dropper exhibits a change in how Bumblebee is used, shifting from using PowerShell to JavaScript. The change indicates an attempt by the threat actors to adapt and refine their attack methods to maximize efficiency and evade detection.
Subscribers favorite #3
Killnet Warns on Attacks with Deadly Combo
The pro-Russian hacktivist group Killnet claims to be working in concert with a resurgent form of the notorious REvil ransomware gang. The group is warning that attacks are imminent, but it’s unclear whether the threats amount to anything more than bluster and saber-rattling, particularly given Killnet’s past track record of, at most, carrying out mild DDoS attacks.
In a video posted on a Russian Telegram channel on June 16, Killnet made ominous threats against the SWIFT banking system; the Wise international wire transfer system; the SEPA intra-Europe payments service; central banks in Europe and the US; and other institutions.
Subscribers favorite #4
Google Fixes Third Chrome Zeroday
Google has released security updates to address a high severity vulnerability, tracked as CVE-2023-3079, in its Chrome web browser. The vulnerability is a type confusion issue that resides in the V8 JavaScript engine.
Google is aware that the vulnerability is being actively exploited in the wild. The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group, which is the team at Google that monitors the activity of nation-state actors. The vulnerability was reported on June 1, 2023; it is likely that the flaw was exploited as part of an exploit used by a state-sponsored APT group.
Subscribers favorite #5
MOVEit Vulnerability Exploited in Wild
Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations.
MOVEit Transfer is a managed file transfer product that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability, and it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
Other MOVEit vulnerability related exclusive coverage
MoveIt New SQL Vulnerability ! Patch It
Another Day ! Another Moveit Vulnerability Nightmare
CISA KEV Update Part I – June 2023
Moveit Attributed to Lace Tempest
Moveit Vulnerability Victims list Expands
Siemens Energy and Schneider Electric Victims of MOVEit Flaw
Shell Victimized by Moveit Breach
NYC Public School was affected by MOVEit exploit
Gen Digital latest victim of MOVEit Vulnerability
This brings us to the end of this month-in-review security coverage. Thanks for visiting TheCyberThrone.