APRIL ISSUE


On March 29, 2023, CrowdStrike published a blog post discussing a supply chain attack involving a software-based phone application called 3CXDesktopApp. CrowdStrike observed unexpected malicious activity emanating from a legitimate signed binary. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.

The 3CXDesktopApp is available for Windows, macOS, Linux and mobile.

CrowdStrike Intelligence has assessed that there is suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA.

A new sample of Golang-based malware was discovered by Unit 42. It has been named GoBruteforcer, and it targets web servers, specifically those running phpMyAdmin, MySQL, FTP and Postgres services. Further investigation revealed that the attacker hosted binaries for x86, x64 and ARM processor architectures.

For successful execution, the samples require special conditions on the victim system, such as specific arguments being used and the targeted services already being installed (with weak passwords).

FBI takes down Genesis Market. Senior US FBI officials disclosed that they have been able to take down the cybercrime platform Genesis Market after identifying and locating its backend servers.

CYBER THREAT INTELLIGENCE

Hackers posed as reporters in attacks on North Korea. Hackers allegedly connected to the North Korean military targeted people with expertise in North Korean policy issues by posing as journalists.
