My Weekly Roundup #146

Cybersecurity

EmoCheck Tool 2.2 Supports and Detects New 64-bit Variants of Emotet Malware

JPCERT/CC, Japan’s first CSIRT (Computer Security Incident Response Team), has released a new version of their open-source tool EmoCheck to identify new 64-bit variants of the Emotet malware, which started infecting users earlier this month.

Quantum Ransomware

In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for this case was an IcedID payload delivered via email.

Defeating BazarLoader Anti-Analysis Techniques

Malware authors embed multiple anti-analysis techniques in their code to retard the analysis processes of human analysts and sandboxes. However, there are ways defenders can defeat these techniques in turn.

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman.

Russia cyber case prompted big portion of FBI’s surveillance database searches in 2021

A Russian cyberthreat against U.S. critical infrastructure in the first half of 2021 prompted the FBI to query the database of a warrantless surveillance program nearly 2 million times as the bureau cast a wide net for useful information, officials said Friday.

Adventures in the land of BumbleBee

BUMBLEBEE is a new malicious loader that is being used by several threat actors and has been observed to download different malicious samples. The key points are:

Cloudflare detects one of the largest DDoS attacks on record targeting crypto platform

Internet infrastructure company Cloudflare said today that it mitigated one of the largest volumetric distributed denial of service (DDoS) attacks that has been recorded to date.

LAPSUS$: Recent techniques, tactics and procedures

This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents. LAPSUS$ first appeared publicly in December 2021, however, NCC Group first observed LAPSUS$ months prior during an incident response engagement.

ATT&CK Goes to v11: Structured Detections, Beta Sub-Techniques for Mobile, and ICS Joins the Band

Right on cue, ATT&CK’s latest release is out, and this time we’ve gone to v11! If you’ve been following along with our roadmap there shouldn’t be any huge surprises in store, but we wanted to take a chance to go over our latest changes.

Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping

Office365 Attacks: Bypassing MFA, Achieving Persistence and More - Part I APTs are actively attacking Office 365 (O365) – finding mechanisms to bypass MFA and to impersonate users regardless of whether you reset their passwords.

New Black Basta ransomware springs into action with a dozen breaches

A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. The first known Black Basta attacks occurred in the second week of April, as the operation quickly began attacking companies worldwide.

Chinese state-backed hackers now target Russian state officers

Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President).

RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign

At the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-2021-26411 exploits found in Internet Explorer to deliver RedLine Stealer, a low-cost password stealer sold on underground forums.

Google Confirms Record-Breaking 14 Serious Chrome Security Exploits Surprise In New Report

Google’s Project Zero security research team, on a mission to make zero-day exploits hard, has revealed that 2021 was a record-breaking year. In all, across multiple platforms, Project Zero detected and disclosed some 58 ‘in-the-wild’ zero-days. That’s record-breaker number one right there.

Technology

Scientists create paper-thin speakers that could be used like wallpaper

Every few decades, speakers get a little more immersive thanks to advancements in sound processing technologies and cheaper access to surround sound components. But what if you could literally turn all the walls in your home into one giant speaker?

Russia’s Apparently Using Military Dolphins to Protect Its Naval Base

Russia has enlisted the help of some new marine recruits in its ongoing invasion of Ukraine, deploying trained military dolphins to protect one of its naval bases in the Black Sea.

Pixel Watch prototype is left at a bar, gets photographed

The Pixel Watch had an iPhone 4 moment over the weekend. Just as Apple’s 2010 flagship leaked after being left at a bar, Google’s upcoming Pixel Watch was apparently lost and found at a restaurant.

Privacy

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address.

Elon Musk Says He Will Encrypt Twitter 2.0 Messages To Stop Spying

Elon Musk has been spitting a lot of ‘idea-balls’ against the wall since his Twitter takeover was announced. One of the most applauded, yet at the same time somewhat controversial, being the introduction of end-to-end encrypted direct messages to what you might call Twitter 2.0.

Facebook’s New Nightmare—Is It Time To Delete Your Account?

Facebook has been under fire recently, with explosive whistleblower allegations and continuing regulatory headaches. But things might have just got worse for Facebook’s 3 billion users—could it be the turning point that finally incentivises people to delete their accounts?

Entertainment

Netflix Cancels Space Force After 2 Seasons

The last week has been pretty rough for Netflix in terms of news; the big streamer has had some high profile cancellations and reports of layoffs. If you’re a fan of Space Force, their sci-fi military comedy series, bad news: it too has been canceled.