Threat Intelligence Bulletin – Container Files, Bots, and Industrial Espionage
In response to Microsoft's plans to block macros by default, threat actors are changing TTPs to container files (ISO, RAR) and Windows shortcut files (LNK)
- https://thehackernews.com/2022/07/hackers-opting-new-attack-methods-after.html
- https://www.darkreading.com/endpoint/post-macro-world-container-files-distribute-malware-replacement
Cisco releases patches for vulnerabilities affecting Nexus Dashboard for data centers
Overview of the new Linux malware “Lightning Framework”, which contains a breadth of features and modularity
Info-stealing malware Amadey is being installed through a backdoor disguised as cracked software and can bypass Sophos and Windows Defender
- https://cyware.com/news/amadey-bots-new-version-spreads-using-software-cracks-11f2a0ac
- https://www.darkreading.com/attacks-breaches/supercharged-version-amadey-infostealer-malware-dropper-bypass-av
Threat actors increasingly using Internet Information Services (IIS) extensions to backdoor servers and establish persistence
Hardcoded Atlassian Questions for Confluence app password leaked, likely to lead to exploit attempts
Researchers detail how Telegram and Discord, along with their associated bots, cloud infrastructure, and CDNs, are being used for attacks
Microsoft takes top spot as most impersonated brand in phishing attacks
Overview, IOCs, and whitepaper of an industrial espionage attack