HCL reviews ransomware, Agent Tesla, JavaScript bank malware

Indian tech company HCL investigating ransomware attack

The attack was reported to regulators on Wednesday and is being described as occurring in “an isolated cloud environment for one of its projects.” HCL Technologies is one of the largest tech companies in the world. Company reps stated, “there has been no impact observed due to this incident on the overall HCLTech network.”

(The Record)

An old malware and an old Microsoft Office revive old problems

Agent Tesla is a type of spyware that has been around for a decade, but threat actors are continuing to exploit an old vulnerability in Microsoft Office to spread it. The vulnerability, CVE-2017-11882, is a memory-corruption issue that affects the Microsoft Office component responsible for inserting and editing equations (OLE objects) in documents. Microsoft released a patch in 2017, but a spike in the number of attacks leveraging the vulnerability has been seen in the past few weeks. According to Security Affairs, in recent campaigns the attackers sent out spam messages using words like “orders” and “invoices” in an attempt to trick recipients into opening weaponized Excel documents.

(Security Affairs)

New JavaScript malware targets banks

This new campaign has been seen targeting banks in North and South America, Europe, and Japan, affecting at least 50,000 users, and is aimed at stealing users’ online banking account credentials. The malware has not yet been given a name, but researchers at IBM are observing similarities between it and the known stealer and loader family known as DanaBot. It is a dynamic malware that provides different courses of action, but in one of its forms it creates a fake bank customer login page followed by a notice that states that online banking services will be unavailable for a time period of 12 hours, thus deterring customers from accessing their accounts while the malware owners do their thing.

(The Hacker News)

What’s Happening indeed: Twitter/X suffers temporary global outage

Early yesterday morning, the platform went dark for about an hour, with some users in the US, Canada and parts of Europe and Asia seeing a screen that said only “Welcome to X.” Although this was only a brief and quickly resolved issue, the company’s numerous controversies and challenges over recent months ensured this story was widely scrutinized.

(BBC News and Reuters)

Huge thanks to this week’s episode sponsor, Barricade Cyber Solutions

Is ransomware affecting your business operations? Contact Barricade Cyber Solutions at Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security prevention and recovery. Go to and set up a time to connect with the team today. Again, that’s

Ivanti urges customers to patch new vulnerabilities

The maker of mobile device management technologies, which include warehouse scanners and handheld tablets, has released patches for 22 flaws, 13 of which have CVSS ratings of 9.8. The company is recommending that customers download and install Avalanche 6.4.2 to reduce the risk of remote code execution. No evidence of exploitation of these vulnerabilities in the wild has been noted, although when a previous zero-day vulnerability was disclosed this past summer, CISA pointed out that “Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices.”

(InfoSecurity Magazine and CISA Advisory)

Android malware Chameleon disables fingerprint unlock

The Android banking trojan called Chameleon has a new version capable of bypassing fingerprint and face unlock. According to Bleeping Computer, “it does this by using an HTML page trick to acquire access to the Accessibility service and a method to disrupt biometric operations to steal PINs and unlock the device at will.” Researchers at ThreatFabric are reporting Chameleon is being distributed via the Zombinder service, which poses as Google Chrome, and which “glues malware to legitimate Android apps so that victims can enjoy the full functionality of the app they intended to install, making it less likely to suspect that dangerous code is running in the background.”

(Bleeping Computer)

Chrome zero-day fix released for already exploited flaw

Google’s Chrome fix, deployed on Wednesday, addresses a vulnerability tracked as CVE-2023-7024, which affects desktop versions of Chrome on Mac, Linux, and Windows. The flaw was reported by Google’s Threat Analysis Group on December 19 and was found in WebRTC, an open-source communication API project for web browsers and mobile applications.

(The Record)

US launches semiconductor supply chain review for national security

The U.S. Department of Commerce said yesterday that it will launch a survey of the U.S. semiconductor supply chain to address national security concerns arising from Chinese-sourced chips. Specifically, the survey will examine how U.S. companies are sourcing legacy chips, which are described as current-generation and mature-node semiconductors, with the overall goal being to “reduce national security risks posed by China.”
