Threat Intelligence Bulletin – Manjusaka Attack Framework, Zeppelin Ransomware, and the Evolving Email Threat Landscape
CISA adds a path traversal vulnerability in Unix versions of the unRAR utility to the Known Exploited Vulnerabilities Catalog
Attackers exploiting open redirects on Snapchat and Amex websites as part of a phishing campaign
- https://cyware.com/news/snapchat-and-amex-abused-to-target-microsoft-365-users-05a8c543
- https://www.inky.com/en/blog/phishers-bounce-lures-off-unprotected-snapchat-amex-sites
Kimsuky threat actor using SHARPEXT browser extension to steal mail data directly from webmail sessions
Threat actor exploits Atlassian Confluence bug to deploy Ljl backdoor
Manjusaka, a new attack framework imitating Cobalt Strike, is already being used in the wild and may become more prevalent
Prevalent Trojans from July 29 – Aug 5 and their associated IOCs
X-FILES infostealer gains a new variant that exploits the Follina vulnerability and is distributed via phishing
CPR claims that the Emotet botnet was the most prevalent malware in July 2022, followed by the Formbook infostealer and the XMRig Monero cryptominer
Commodity malware was the top threat Cisco responded to in Q2 2022, with education among the top three targeted industries
- https://www.tanium.com/blog/report-reveals-commodity-malware-surpasses-ransomware/
- https://blog.talosintelligence.com/2022/07/quarterly-report-incident-response.html
As threat actors pivot away from macros, Windows Explorer becomes the top living-off-the-land binary used to execute malware through Windows LNK files
Trends in email threat landscape include LNK files, HTML smuggling, and shellcode hidden in Office documents
Cisco releases more details on a breach it suffered through an employee’s compromised Google account and MFA fatigue
Zimbra authentication bypass vulnerability being actively exploited to compromise Zimbra email servers
Zeppelin ransomware advisory and IOCs from CISA