THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

Summary: This update highlights significant cybersecurity threats, including the ongoing exploitation of ASP.NET machine keys and various vulnerabilities in remote desktop software and file archiving tools. Additionally, the report covers notable ransomware trends, attack campaigns from the Lazarus Group and new malware initiatives, and the alarming use of abandoned AWS S3 buckets for supply chain attacks. Vigilance and ongoing updates are essential as threats evolve and new risks emerge.

Affected: Multiple organizations and systems across various sectors, including Microsoft, SimpleHelp, 7-Zip, and AWS S3 environments.

Keypoints :

• Microsoft warns about exploiting publicly disclosed ASP.NET machine keys for executing malicious code.
• Security flaws in SimpleHelp software and 7-Zip are actively exploited, potentially linked to ransomware attacks.
• Ransomware payments significantly drop, but attack volumes remain high amid law enforcement successes against criminal groups.
• North Korea’s Lazarus Group utilizes fake job offers to distribute JavaScript malware across multiple operating systems.
• Research reveals abandoned AWS S3 buckets can be repurposed for large-scale supply chain attacks.
• New malware, SparkCat, targets cryptocurrency wallets via fraudulent mobile apps in popular app stores.
• Five Eyes cybersecurity agencies emphasize enhanced security measures for network edge devices.
• Spanish authorities arrest an individual linked to extensive cyber attacks on various high-profile organizations.