Cyber-Daily : Emergent Cyber Threats: Unmasking the new BunnyLoader & Exploring the Dilemma of Ransom Attacks
This Newsletter is Curated By: AI || Reviewed By : Avijit || Date: 2023-10-03
Top Cyber Stories Of The Day
1. Microsoft Defender stops flagging Tor Browser as malware, indicating improved recognition of legitimate software.
2. Exim has patched three of six zero-day bugs, subsequently lessening the threat level to users.
3. Fortinet Labs has discovered malicious NPM packages stealing data, affecting developers worldwide.
4. Ransomware gangs have found a new vulnerability to exploit in the JetBrains’ TeamCity server.
5. A surge in digital identity verification is being observed in the financial sector, indicating an active response to rising cybersecurity threats.
Today’s Threat Intelligence Reports
1. A fresh malware-as-service dubbed ‘BunnyLoader’ has surfaced stealing and replacing system clipboard contents.
2. Attackers are currently exploiting vulnerabilities in WS_FTP, marking an increased gravity of threat for users.
3. Arm raises a security advisory on an actively exploited flaw in Mali GPU drivers.
4. Progress Software’s WS_FTP Server is vulnerable to severe attacks as researchers have released proof-of-concept exploit.
5. Researchers at Lazarus Group have managed to cause 30% of the total losses experienced by the crypto industry in Q3 2023.
Today’s Breach Bulletins
1. Johnson Controls has allegedly leaked sensitive DHS data due to a ransomware attack from the Dark Angels hacker group.
2. Motel One Group disclosed a data breach following a ransomware attack, exposing 150 customer credit card details.
3. Exploitation attempts against WS_FTP are reported, suggesting a new wave of breaches.
4. The UK Royal Family website was on the receiving end of a DDoS attack from KillNet.
5. Malicious npm and PyPi packages are exfiltrating SSH keys from servers.
Security Research, Education & Awareness
1. NSA launches an AI Security Center addressing national security issues arising from securing AI models.
2. Researchers have developed a method to extract sounds using still images from smartphone cameras. This breakthrough research has large implications for surveillance technology and privacy.
3. AWS unveils MadPot, a defense system providing considerable insights into campaigns, thereby enhancing AWS’s cybersecurity measures.
4. The R Street Institute has launched a Cybersecurity-Artificial Intelligence Working Group, prompting more advancements in the field.
5. Researchers explore the concept of threat hunting and how it can be implemented using the MITRE ATT&CK framework, providing critical knowledge to cybersecurity professionals and enthusiasts.
