Brief #41: 100k Infected Repos, Lazarus Zero-Day, Ubiquiti Hack

Ad fraud campaign using 8k+ domains, Lazarus Group's Windows zero-day exploit, and Russian hackers' Ubiquiti routers hijack.

Mandos Brief by Nikoloz Kokhreidze, week 09 of 2024

👋 Hey there,

Happy Sunday!

🚨 News

Massive Hijack of Trusted Brands' Subdomains for Spam Campaign

Savvy Seahorse Gang Exploits DNS CNAME Records for Financial Scams

Lazarus Hackers Exploited Windows Zero-Day to Gain Kernel Privileges

Over 100,000 Infected Repos Found on GitHub

Russian Hackers Hijack Ubiquiti Routers To Proxy Network

🔬 Tools

Domain Hunter - Analyzes expired domains for reputation and history, identifying suitable candidates for phishing and C2 domains.

MISP Project - Platform for sharing, storing, and correlating Indicators of Compromise of targeted attacks.

OSSEC - Open-source Host-based Intrusion Detection System.

🚀 Startups

I have no affiliation with the mentioned startups, neither have I tested their products. My goal here is to summarize cybersecurity startup market developments and share valuable insights to help you stay informed about the industry trends and innovations.

Entro has added Machine Identity Lifecycle Management to its security platform, giving security teams tools to manage, monitor, and control the entire lifecycle of a secret. This capability, along with new integrations with CIFS/SMB file shares, Microsoft SharePoint, and others, lets organizations oversee and protect non-human identities and combat "secrets sprawl" in the cloud.

BreachBits has raised Seed funding led by Blu Ventures to expand its BreachRisk™ platform, which provides risk ratings for businesses and avoids false positives by verifying and testing threats. Using automated penetration testing, the platform stands out in the cyber risk quantification market by providing fair, verifiable, and actionable results that have been shown to add substantial value for customers.

Sitehop, a firm specializing in hardware-enforced enterprise encryption, has successfully raised £5M in Seed funding. Sitehop's flagship product, SAFEblade 1100, supports 4,000 secure tunnels, boasting a 900-nanosecond encryption/decryption latency and 100Gbps data throughput, addressing communication network slowdowns caused by software encryption.

💬 Conversations

A Redditor describes a not-so-pleasant interview experience with problems on both sides of the panel: a junior panelist asked cloud-certification exam questions and tried to "correct" practical answers, while the senior interviewer focused on impractical definition-based questions.

Daniel Miessler talks about the ways he is trying to find positivity in AI taking over jobs. The key point he raises is that this is inevitable and we have no choice in the matter; the only thing we can do is find ways to benefit from it.

An informative write-up on analyzing User-Agent strings to detect threats such as the Raccoon Stealer and Bunny Loader malware. The post also provides a list of suspicious User-Agents that can be used for detection in SIEM systems.

⭐️ 3 Ways I Can Help You

  1. Work with me. I love helping people! Let's discuss your challenges, career, or ask me anything about cybersecurity in 25 minutes.
  2. Explore solutions with me. Need cybersecurity strategy and execution for your startup or scale-up? Let's achieve tangible outcomes together.
  3. Looking for something different? Reach out.

That's a wrap for this week!

Enjoying the read? Share it with your connections who'd love it too.


