The Blacksite Weekly Intelligence Report:
Week of October 31st, 2022
Samsung Galaxy Exploit Allows Targeted Remote Installation of Malware
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices. The vulnerability relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. XSS attacks allow an adversary to inject and execute malicious JavaScript code when visiting a website from a browser or another application. This could then be leveraged to download and install malware-laced apps on the affected Samsung device when visiting the link. An independent security researcher has been credited with reporting the issue.
More information: https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/
Hackers Selling Access to Hundreds of Corporate Networks for Millions
Israeli cyber-intelligence firm KELA published its Q3 2022 ransomware report, which shows stable activity in initial access sales but a steep rise in the value of the offerings. The average selling price of these listings was $2,800, while the median selling price reached a record figure of $1,350. The average time to sell corporate access was just 1.6 days, and most listings offered RDP or VPN access. The most targeted country was the United States, accounting for 30.4% of all initial access broker (IAB) offerings.
More information: https://ke-la.com/wp-content/uploads/2022/10/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022.pdf
Chinese Hackers Using LODEINFO Malware Against Japanese Government and Officials
The Chinese state-sponsored threat actor Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. The latest set of attacks involves the use of a bogus Microsoft Word file and a self-extracting archive (SFX) file in RAR format propagated via spear-phishing emails. The group has also been linked to attacks using malware families like SigLoader, SodaMaster, and a web shell called Jackpot against multiple Japanese domestic organizations since April 2021.
More information: https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Dropbox Breach Allowed Hackers to Access 130 Unauthorized Source Code Repositories
Dropbox says it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. The breach resulted in the access of API keys used by Dropbox developers as well as “a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors”. The company did not reveal how many of its employees fell for the phishing attack, but said it took prompt action to rotate all exposed developer credentials.
More information: https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox
U.S. Government Employees Experience Mobile Malware Attacks Due to Outdated Phones
Almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks. The statistics come from a report by cybersecurity firm Lookout, based on an analysis of 200 million devices and 175 million applications from 2021 to 2022. The report additionally warns of a rise in all threat metrics, including reliance on unmanaged mobile devices and points of liability in mission-critical networks.
More information: https://www.lookout.com/form/threats-government-threat-report-lp
Hundreds of U.S. News Sites Push Malware to Visitors
Threat actors are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. The total number of impacted news organizations is currently unknown, Proofpoint says. The threat actor behind this supply-chain attack (tracked by Proofpoint as TA569) has injected malicious code into a benign JavaScript file that gets loaded by the news outlets’ websites. This malicious JavaScript file is used to install SocGholish, which infects visitors to the compromised websites with malware payloads.
More information: https://twitter.com/threatinsight/status/1587865920130752515
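The SocGholish case above turns on a single benign JavaScript file being altered at its source, so every site that included it served the injected code. The snippet below is an added example from the editor, not code from Proofpoint or from this newsletter, showing the defender-side control that catches exactly that class of change: computing Subresource Integrity (SRI) tokens for scripts a site depends on, emitting the matching script tag, and comparing a freshly fetched copy against a stored baseline. The script bodies and the cdn.example.invalid URLs are constructed samples, not anything from the incident.

```python
import base64
import hashlib
import hmac
from typing import Dict, List

# Constructed sample data (not from the incident): a known-good vendor script
# and a tampered copy with a loader appended, as a supply-chain edit would do.
CLEAN_JS = b"window.site = window.site || {};\nsite.init = function () { /* page bootstrap */ };\n"
TAMPERED_JS = CLEAN_JS + b"/* injected */ var s = document.createElement('script');\n"


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return an SRI token ('sha384-<base64 digest>') for the given script body.

    Browsers only honour sha256, sha384 and sha512 in the integrity attribute.
    """
    if alg not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI only permits sha256, sha384 or sha512")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(content: bytes, expected: str) -> bool:
    """Check a fetched body against a stored token, reusing the token's algorithm."""
    alg, _, _ = expected.partition("-")
    return hmac.compare_digest(sri_hash(content, alg), expected)


def script_tag(src: str, content: bytes) -> str:
    """Build the <script> tag a site operator would publish for a third-party file.

    With integrity set, a browser refuses to run the script if the served bytes
    no longer match, which is what blocks a silently modified upstream file.
    """
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


def changed_scripts(baseline: Dict[str, str], fetched: Dict[str, bytes]) -> List[str]:
    """Compare freshly fetched scripts against a hash baseline.

    Returns the URLs whose content no longer matches, or that have no baseline
    entry at all; a monitoring job would alert on a non-empty result.
    """
    return sorted(
        url for url, body in fetched.items()
        if url not in baseline or not integrity_matches(body, baseline[url])
    )


if __name__ == "__main__":
    url = "https://cdn.example.invalid/app.js"  # constructed URL
    print(script_tag(url, CLEAN_JS))
    baseline = {url: sri_hash(CLEAN_JS)}
    print("changed:", changed_scripts(baseline, {url: TAMPERED_JS}))
```

The integrity attribute protects the browser at load time; the baseline comparison gives the site operator an independent signal that an included file changed before users report fake update prompts. Both depend on the baseline being taken from a copy of the file that was reviewed, not simply from whatever the CDN served most recently.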
How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats
The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs, including developing a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cybersecurity strategy, and cybersecurity education at an affordable price to accommodate your business, whether it’s a small family-owned company or a Fortune 500 enterprise.
More information: https://blacksite.solutions/products
Please contact us and we’ll be glad to assist you.
Become invisible, become secure.