Brief #41: 100k Infected Repos, Lazarus Zero-Day, Ubiquiti Hack

Ad fraud campaign using 8k+ domains, Lazarus Group's Windows zero-day exploit, and Russian hackers' Ubiquiti routers hijack.

6 min read
Mandos Brief | Nikoloz Kokhreidze | Week 09 of 2024

👋 Hey there,

Happy Sunday!

🚨 News

Massive Hijack of Trusted Brands' Subdomains for Spam Campaign

Savvy Seahorse Gang Exploits DNS CNAME Records for Financial Scams

Lazarus Hackers Exploited Windows Zero-Day to Gain Kernel Privileges

Over 100,000 Infected Repos Found on GitHub

Russian Hackers Hijack Ubiquiti Routers To Proxy Network

🔬 Tools

Domain Hunter - Analyzes expired domains for reputation and Archive.org history, identifying suitable candidates for phishing and C2 domains.

MISP Project - Platform for sharing, storing, and correlating Indicators of Compromise of targeted attacks.

OSSEC - Open-source Host-based Intrusion Detection System.

🚀 Startups

ℹ️ I have no affiliation with the mentioned startups, nor have I tested their products. My goal here is to summarize cybersecurity startup market developments and share valuable insights to help you stay informed about industry trends and innovations.

Entro has added Machine Identity Lifecycle Management to its security platform, giving security teams tools to manage, monitor, and control the entire lifecycle of a secret. This capability, along with new integrations with CIFS/SMB file shares, Microsoft SharePoint, and others, lets organizations oversee and protect non-human identities and combat "secrets sprawl" in the cloud.

BreachBits has raised Seed funding led by Blu Ventures to expand its BreachRisk™ platform, which provides risk ratings for businesses and avoids false positives by verifying and testing threats. Using automated penetration testing, the platform stands out in the cyber risk quantification market by providing fair, verifiable, and actionable results that have been shown to add tremendous value for customers.

Sitehop, a firm specializing in hardware-enforced enterprise encryption, has successfully raised £5M in Seed funding. Sitehop's flagship product, SAFEblade 1100, supports 4,000 secure tunnels, boasting a 900-nanosecond encryption/decryption latency and 100Gbps data throughput, addressing communication network slowdowns caused by software encryption.

💬 Conversations

A Redditor recounts a not-so-pleasant interview in which both interviewers were a problem: a junior panelist asked cloud cert exam-style questions and tried to 'correct' practical answers, while the senior interviewer focused on impractical definition-based questions.

Daniel Miessler writes about how he is trying to find positivity in AI taking over jobs. His key point is that this is inevitable and we have no choice in the matter; the only thing we can do is find ways to benefit from it.

Informative write-up about analyzing User-Agent strings to help detect threats, such as the Raccoon Stealer and Bunny Loader malware. The post also provides a list of suspicious User-Agents for detecting threats in SIEM systems.
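As an added, runnable illustration of the approach that write-up describes (matching User-Agent strings as a SIEM-style detection), and not the write-up's own code or its indicator list: a small Python detector that parses combined-format access logs, matches the UA against an exact-match watchlist, applies generic heuristics (scripting/CLI clients, missing UA), and additionally tags a UA seen from only one source IP as "rare", a frequency baseline that goes beyond the static list the post provides. The watchlist strings, IP addresses and log lines are constructed for the example and are not real malware indicators.

```python
"""Flag suspicious User-Agent strings in proxy/web-server access logs.

Added illustration for the User-Agent write-up above; it is not the
write-up's own code or indicator list. The watchlist strings and the log
lines below are constructed placeholders (TEST-NET addresses, made-up UA
values), not real malware indicators.
"""
import re
from collections import defaultdict

# Apache/Nginx "combined" log format; the User-Agent is the last quoted
# field. Quoted fields may contain backslash-escaped double quotes.
_Q = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>' + _Q + r')" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>' + _Q + r')" "(?P<ua>' + _Q + r')"$'
)

# Constructed watchlist: hypothetical exact-match strings standing in for
# the malware User-Agents a real write-up would publish.
UA_WATCHLIST = {"ExampleStealer/1.0", "loader"}

# Generic heuristics that need no threat-specific indicator: scripting and
# CLI clients talking to a site that expects browsers, and a missing UA
# ("-" is what the log format writes when the header is absent).
UA_GENERIC_RULES = [
    ("cli-or-script-client",
     re.compile(r"^(python-requests|python-urllib|curl|wget|go-http-client)/", re.I)),
    ("missing-ua", re.compile(r"^-?$")),
]


def parse_line(line):
    """Return the combined-format fields as a dict, or None if unparseable."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_ua(ua):
    """Return the names of the static rules the UA triggers ([] if clean)."""
    hits = ["watchlist"] if ua in UA_WATCHLIST else []
    hits += [name for name, rx in UA_GENERIC_RULES if rx.search(ua)]
    return hits


def scan(lines, rare_threshold=1):
    """Scan log lines; return (alerts, unparsed_count).

    Each alert is {"ip", "ua", "rules"}. Beyond the static rules, a UA seen
    from at most `rare_threshold` distinct source IPs in the batch is tagged
    "rare-ua": a frequency baseline that catches a UA the watchlist has not
    been updated for yet (an extension beyond the write-up's static list).
    """
    events, unparsed = [], 0
    ips_per_ua = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1          # count rather than crash on log noise
            continue
        events.append(ev)
        ips_per_ua[ev["ua"]].add(ev["ip"])

    alerts = []
    for ev in events:
        rules = classify_ua(ev["ua"])
        # A missing UA is already its own finding; don't double-tag it as rare.
        if "missing-ua" not in rules and len(ips_per_ua[ev["ua"]]) <= rare_threshold:
            rules.append("rare-ua")
        if rules:
            alerts.append({"ip": ev["ip"], "ua": ev["ua"], "rules": rules})
    return alerts, unparsed


# Constructed sample: two normal browser hits, three suspicious ones, one
# malformed line.
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/121.0 Safari/537.36")
SAMPLE_LOG = [
    f'203.0.113.10 - - [25/Feb/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "{CHROME}"',
    f'203.0.113.11 - - [25/Feb/2024:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "{CHROME}"',
    '198.51.100.7 - - [25/Feb/2024:10:02:17 +0000] "POST /gate.php HTTP/1.1" 200 88 "-" "ExampleStealer/1.0"',
    '198.51.100.8 - - [25/Feb/2024:10:03:44 +0000] "GET /payload.bin HTTP/1.1" 200 40960 "-" "-"',
    '198.51.100.9 - - [25/Feb/2024:10:04:01 +0000] "GET /api/v1/status HTTP/1.1" 200 20 "-" "python-requests/2.31.0"',
    "this line is not in combined log format",
]

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for a in found:
        print(f'{a["ip"]:<14} {", ".join(a["rules"]):<32} {a["ua"]}')
    print(f"{bad} unparseable line(s)")
```

Exact-match watchlists are brittle (a loader only has to change one byte of its UA), so the generic rules and the rarity baseline are what keep the detection useful between indicator updates; in a real SIEM the threshold would be tuned against a longer window than a single batch, and the "cli-or-script-client" rule would be scoped to hosts or paths where such clients are not expected.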

⭐️ 3 Ways I Can Help You

  1. Work with me. I love helping people! Let's discuss your challenges, career, or ask me anything about cybersecurity in 25 minutes.
  2. Explore solutions with me. Need cybersecurity strategy and execution for your startup or scale-up? Let's achieve tangible outcomes together.
  3. Looking for something different? Reach out.

That's a wrap for this week!

Enjoying the read? Share it with your connections who'd love it too.

Best,

Nikoloz
