Annie - RH-ISAC - Page 12 of 21 Blog

Executive Summary Threat actors are taking advantage of GitHub’s search functionalities to deceive users looking for popular repositories into downloading malicious  counterparts that serve malware, according to a new report from Checkmarx. Attackers are utilizing techniques like automated updates and fake stars to boost search rankings and deceive users. Community Threat Assessment The use of malicious GitHub repositories to distribute…

Vienna, VA (April 8, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced the cybersecurity solutions providers have recently joined the organization as new Associate Members. These companies will help to support the cybersecurity needs of the consumer-facing sector by sharing their knowledge, insights, and resources with RH-ISAC Core Members….

Vienna, VA (April 4, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced that Zscaler will be the title sponsor of the RH-ISAC Cyber Intelligence Summit, which takes place in Denver, Colorado on April 9 – 11.    The RH-ISAC Cyber Intelligence Summit is an annual event tailored for strategic leaders and…

Context On April 2, 2024, Trend Micro researchers reported new technical details of a “Unapimon” malware campaign attributed to Earth Freybug, which leverages “dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored.” According to Trend Micro, “UNAPIMON itself is straightforward: It is a DLL malware written in C++ and…

Executive Summary On March 29, 2024, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor, tracked as CVE-2024-3094, found in the latest XZ Utils data compression tools and libraries. Red Hat has warned all users to discontinue any usage of Fedora 41 of Fedora Rawhide for work or personnel use and has…

Executive Summary Security firm Phylum has discovered and reported an automated typosquatting attack campaign recently detected on March 26, 2024, which targeted popular Python libraries hosted on the Python Package Index (PyPI) page. Attackers deployed over 500 typosquatted variations of well-known libraries like TensorFlow, BeautifulSoup, requests, requirements, and others. These variations were designed to mimic legitimate package names but…

Executive Summary Researchers from Sekoia have released a report  detailing an October 2023 discovery and subsequent analysis of a new Adversary-in-The-Middle (AiTM) phishing kit linked to the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform, which had been active since at least August 2023. The latest version of Tycoon 2FA features enhanced stealth capabilities, potentially lowering detection rates by security products. Sekoia’s…

Executive Summary The Checkmarx Research team has reported a sophisticated campaign which is targeting software supply chains and resulting in successful exploitation of multiple GitHub users. Key targets included the Top.gg GitHub organization, which claims to have over 170,000 users, and individual developers on the code publishing platform. The attackers employed various novel tactics, including account takeover via…

On March 21, 2023, Mandiant researchers reported their latest technical details detailing a campaign exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect, which they attribute to the Chinese state-sponsored actor known as UNC5174. Community Impact Assessment Due to the widespread use of F5 BIG-IP and ScreenConnect across global regions and industries, the RH-ISAC intelligence team…

Executive Summary Security researchers from TeamT5 have released their latest findings detailing CVE-2023-29300, a JAVA deserialization vulnerability resulting in arbitrary code execution. At least 66 devices in Japan have already been compromised via CVE-2023-29300, affecting various sectors such as healthcare, education, and manufacturing. Threat actors, including cyber-criminals and state-sponsored groups such as China-nexus APT group SLIME13 (known as Flax…