Afternoon Dessert - 2022-09-07

Welcome to another Afternoon Dessert breakout:

Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity. [...]
Read more....

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with the U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "
Read more....

4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand.  In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises –
Read more....

New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a
Read more....

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While being
Read more....

Are Default Passwords Hiding in Your Active Directory? Here's how to check
One of the biggest cybersecurity mistakes that an organization can make is failing to change a default password. The question is, how can you track down default passwords in your Windows Active Directory once they're no longer useful? [...]
Read more....

New Iranian hacking group APT42 deploys custom Android spyware
A new Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest. [...]
Read more....

200,000 North Face accounts hacked in credential stuffing attack
Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website. [...]
Read more....

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks
Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), builds upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war. "UAC-0098 is a threat
Read more....

Ukraine dismantles more bot farms spreading Russian disinformation
The Cyber Department of the Ukrainian Security Service (SSU) dismantled two more bot farms that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts. [...]
Read more....

Cisco won’t fix authentication bypass zero-day in EoL routers
Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). [...]
Read more....

HP fixes severe bug in pre-installed Support Assistant tool
HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand. [...]
Read more....

DEADBOLT ransomware rears its head again, attacks QNAP devices
NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...
Read more....