Posts

Showing posts from June, 2024

Exploiting Trusted Platforms: Banking Malware via GitHub and FileZilla

Source: Hackers Exploited GitHub and FileZilla to Deliver Banking Malware (cybersecuritynews.com) According to the Insikt Group at Recorded Future, Russian-speaking threat actors originating from the Commonwealth of Independent States (CIS) have been identified as the primary source behind the spread of sophisticated banking malware through GitHub and FileZilla. Although both are known as relatively secure collaboration platforms, their abuse to distribute sophisticated malware and malicious payloads across the internet poses a significant threat to both personal and business security. The attackers' methodology revolved around creating fake GitHub accounts and repositories that mimicked legitimate software offerings such as Bartender 5 and Pixelmator Pro. They then populated their spoofed repositories with malicious software such as Atomic macOS Stealer (AMOS) and Vidar, which were designed to steal sensitive informa...

Homeland Justice and Karma: Iranian Cyber Attacks Revealed

Source: Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel (thehackernews.com) Recent revelations have uncovered a worrying trend surrounding Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS), namely that they are the main suspects behind destructive cyberattacks targeting Albania and Israel. These threat actors, also known as 'Void Manticore,' have been using wiper malware to target critical systems in both countries while self-identifying as 'Homeland Justice' and 'Karma.' The threat actors' activity patterns also display a striking correlation with geopolitical events involving Israel, Albania, and Iran, as attacks targeting the latter victim country had been ongoing since July 2022, while attacks against the former only began in earnest following the outbreak of the Israel-Palestine war in October 2023. Void Manticore's attacks have caused significant disruption, as they've been charact...

DarkGate Campaign: From Document to Phishing Script

Source: From Document to Script: Insides of Darkgate's Campaign (forcepoint.com) A recent analysis by Forcepoint's X-Labs has uncovered a worrying threat vector through which cyber threats can reach users, namely commonly shared documents in XLSX, PDF, and HTML formats. These are a natural choice for any attacker primarily because of their sheer ubiquity. They are trusted file formats for the average end user, who would typically open one upon receiving it without hesitation or second thoughts. However, the research by X-Labs has uncovered a phishing campaign called DarkGate, which uses a sophisticated attack methodology in which phishing emails containing standard file formats are just the start of a process that often culminates in remote code execution and the hijacking of user machines. Notably, the campaign's bait of choice is emails that appear to be invoices from 'Intuit QuickBooks', containing a PDF ...

Wi-Fi Downgrade Attacks: What You Need to Know

Source: New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com) Cybersecurity researchers have recently uncovered a vulnerability that impacts one of the most ubiquitous means of internet connectivity, the IEEE 802.11 Wi-Fi standard. The vulnerability allows attackers to use downgrade attacks to eavesdrop on traffic traversing the network, which can have broad implications for the confidentiality, integrity, and availability of data in the targeted networks. Officially known as SSID confusion and tracked by MITRE as CVE-2023-52424, its scope is comprehensive, as all operating systems and Wi-Fi clients are vulnerable to exploitation. Most notably, the choice of Wi-Fi encryption protocol makes little difference: clients using WPA3, WEP, 802.1X/EAP, and AMPE are all affected by the attack, irrespective of their technical differences. Regarding its technic...