al3x@wannaCYbeR(security)~$ echo "Issue \x0D"

Greetings, fellow cyber people, and welcome to the thirteenth issue of wannaCYbeR, a weekly newsletter dedicated to those who are just starting in cybersecurity. This week, we had some news on the malware marketplace front, as well as patches and a new Kali Linux version.

Time for a New Kali Linux

For all the Kali Linux fans, on Monday Offensive Security released version 2022.2 of the popular distribution used by penetration testers and ethical hackers. In this version, there have been a number of GUI enhancements, such as an upgrade to Gnome 42 “which brings a cleaner feel and adds a built-in screenshot and screen-recording tool” – great stuff for your penetration testing reports – and theme updates.

“The shell theme now includes a more modern look, removing the arrows from the pop-up menus and using more rounded edges. In addition, we've upgraded and tweaked the dash-to-dock extension, making it integrate better with the new look and fixing some bugs.”

Support was also added for ARM users, especially focusing on those who run Kali on Raspberry Pi.

Read more on The Hacker News

“Build-your-own” Malware Service: Eternity Project

After coming up with Ransomware as a Service (RaaS), threat actors are now upping the ante by selling customizable malware via Telegram, in a channel connected to a .onion marketplace called “Eternity Project,” as researchers with Cyble showcase in a blog post.

The threat actors showcase different malware modules (Stealer, Miner, Ransomware, etc.) with different price points and possible customizations. Eternity Stealer, for example, is sold for a $260 annual subscription and can siphon “passwords, cookies, credit cards, and crypto-wallets from the victim’s machine and sends them to the TA’s Telegram Bot.”

“Once the users select the stealer product, they are presented with further options for features such as AntiVM and AntiRepeat. Finally, the user has the option to select the available payload file extension such as .exe, .scr, .com, and .pif. After selecting the file extension, the user can download the stealer payload from the Telegram channel.”

Read More on Cyble.com

Facestealer Hiding in Android Apps

Researchers with Trend Micro found hundreds of malicious Android apps on Google Play Store that distribute the Facestealer trojan, known since 2021 for stealing Facebook login credentials, cookies, and other personal information from infected devices.

“Facestealer apps are disguised as simple tools — such as virtual private network (VPN), camera, photo editing, and fitness apps — making them attractive lures to people who use these types of apps. Because of how Facebook runs its cookie management policy, we feel that these types of apps will continue to plague Google Play. As for the fake cryptocurrency miner apps, their operators not only try to profit from their victims by duping them into buying fake cloud-based cryptocurrency-mining services, but they also try to harvest private keys and other sensitive cryptocurrency-related information from users who are interested in what they offer. Looking into the future, we believe that other methods of stealing private keys and mnemonic phrases are likely to appear.”

Read more on Trend Micro

Patched: Apple + Tatsu for Wordpress

Apple released security updates for a number of bugs in Big Sur and Catalina OS. “Described as an out-of-bounds write issue impacting AppleAVD, CVE-2022-22675 can allow an application to execute code with kernel privileges. CVE-2022-22674 affects the Intel graphics driver and it has been described as an out-of-bounds read issue that can lead to the disclosure of kernel memory,” Security Week reports.

The vendor Tatsu, which produces an in-browser theme builder plugin for WordPress, patched a remote code execution vulnerability registered as CVE-2021-25094 that affected over 100,000 websites. The unpatched version of the plugin allows an attacker to execute code on the servers. More on The Hacker News.

Cryware Targeting “Hot Wallets”

Cryptocurrency is undoubtedly a hot topic right now and that’s why people should pay even more attention to their security posture when it comes to protecting their crypto assets. Researchers at Microsoft, in fact, discovered new malware targeting crypto wallets they called “cryware.”

“Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets. Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them.” In essence, if a threat actor gains access to a “hot wallet,” they can use it to quickly transfer cryptocurrency to their own wallets.

“Unfortunately for the users, such theft is irreversible: blockchain transactions are final even if they were made without a user’s consent or knowledge.”

More on Microsoft’s Blog post

Meme of the Week: Smells Phishy

Special of the Week #1: CTFtime.org

Are you looking to do more Capture the Flag (CTF) challenges with friends or on your own? CTFtime is an excellent platform that collects hundreds of CTFs happening both in-person and online around the world. It lists a lot of events as well as writeups for past CTFs and allows people to sign up and participate in challenges as teams.

Check out CTFtime.org

Special of the Week #2: SANS CTI Summit 2022 Videos

Did you miss the SANS Cyber Threat Intelligence Summit that happened in January 2022? Me too! But I have good news: all the talks are on the SANS Digital Forensics and Incident Response YouTube Channel. From leveraging intelligence gaps to APT talk to using the MITRE Framework in the intelligence lifecycle, the playlist is loaded with excellent information and useful insights. Check it out here or directly on YouTube.

That's all for this week. If you enjoyed the newsletter, please feel free to share it with your connections. Do you know of a great piece of content I should include? Don’t be shy, reach out!

P.S. In case you were wondering, I don't receive any compensation or sponsorship for the content I share. I do it just because I love to nerd out with other people on topics of common interest.
