Welcome back to the Kraven Security weekly newsletter, Triaging the Week. In it, we round up the week’s top news stories, highlight our featured article, provide some learning resources, and finish with a few personal notes about what’s happening at the company.
Top 5 News Stories
Story #1: Okta Users Face Large-Scale Credential Stuffing Attacks
Okta reports a significant increase in credential stuffing attacks targeting their identity and access management solutions, leading to breaches in some customer accounts.
Here are the top 3 takeaways:
- Threat actors are using automated methods to test stolen usernames and passwords, often originating from the same sources identified by Cisco Talos.
- The attacks primarily came through the TOR network and various residential proxies, such as NSOCKS, Luminati, and DataImpulse.
- Okta recommends actions like enabling ThreatInsight in Log and Enforce mode, denying access from anonymizing proxies, and adopting passwordless authentication and multi-factor authentication to mitigate risks.
Story #2: FBI Warns Fake Verification Schemes Are Targeting Dating App Users
The FBI has issued a warning about fake verification schemes on dating apps that can lead to recurring subscription charges and potential identity theft.
Here are the top 3 takeaways:
- Fraudsters develop a rapport on dating apps, then lure victims to external “verification” sites to extract personal and financial information.
- The FBI advises users to keep conversations within dating apps, to be cautious of quick love confessions, and to regularly check for unauthorized charges.
- Victims of such schemes are encouraged to report to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Story #3: Docker Repositories Are Pushing Malware and Phishing Sites
Millions of Docker repositories were found pushing malware and phishing sites, with around 20% of 15 million repositories containing malicious content.
Here are the top 3 takeaways:
- Three large-scale campaigns have been targeting Docker Hub users, employing tactics such as batch creation of fake repositories and daily creation of repositories with a single user account per repository.
- The “Downloader” campaign involved a malicious executable detected as a generic Trojan. This Trojan prompts users to download and install software, leading to compromised systems.
- Docker Hub has removed all the repositories flagged by JFrog security researchers for hosting malicious or unwanted content, totaling 3.2 million repositories.
Story #4: New Law Bans Default Passwords for Smart Devices
The U.K. introduced the Product Security and Telecommunications Infrastructure (PSTI) Act, effective April 29, 2024, banning default passwords on smart devices to improve cybersecurity.
Here are the top 3 takeaways:
- Manufacturers must ensure devices do not have guessable passwords, provide a contact for security issues, and inform about the duration of security updates.
- Companies that fail to comply with the PSTI Act may face recalls and fines of up to £10 million or 4% of global annual revenues.
- This legislation positions the U.K. as the first country to outlaw default usernames and passwords from IoT devices, aiming to prevent DDoS attacks like Mirai.
Story #5: New Redline Stealer Malware Masquerades as a Game Cheat and Uses Lua Bytecode to Evade Detection
A sophisticated variant of RedLine Stealer malware uses Lua bytecode for stealth, targeting gamers with fake cheats.
Here are the top 3 takeaways:
- Distributed via email, malvertising, and loaders, it steals data from cryptocurrency wallets, VPNs, and browsers.
- Attackers exploited a GitHub “bug” to host malicious ZIP files on Microsoft’s repositories, weaponizing trust in legitimate sources.
- GitHub has taken action by disabling accounts and content that violates policies and advises users to follow official download instructions.
Top Tips of the Week
Threat Intelligence
- Stay informed on CTI trends. Adapt strategies to align with emerging techniques and technologies in the threat intelligence landscape.
Threat Hunting
- Foster a culture of information sharing. Open communication channels enhance the collective ability to respond to threats.
- Utilize threat intelligence for risk assessment. Identify and prioritize potential risks to allocate resources more effectively.
- Investigate patterns, not just incidents. Recognizing patterns aids in understanding tactics and identifying potential threats.
Custom Tooling
- Create custom tools with a focus on data privacy. Implement measures to protect sensitive information and adhere to privacy regulations.
- Secure your custom tool development environment. Implement best practices for secure coding and protect sensitive information.
- Incorporate user feedback into the development of custom tools. Ensure they align with user needs and expectations.
Feature Article
YARA rules are powerful pattern-matching tools for identifying, classifying, and detecting malicious activity. Malware analysts, security researchers, and incident responders use them to defend against malware and hunt for bad guys. They are also one of the fundamental pieces of tactical intelligence you will share with operational teams as a cyber threat intelligence analyst.
YARA is a key concept for any cyber security professional to learn, and this guide will teach you everything you need to know. You will discover what YARA rules are and how to use them, explore how to create your own YARA rules with useful tips, and unlock the best practices for using YARA rules in the real world.
Let’s dive in and begin elevating our cyber security skills!
Learning Resources
Cyber Security Professionals Are High-Income Earners: Don’t Make These Money Mistakes…
In this excellent video, Nischa draws on her business and financial background to navigate the problems that come with a high income. As a cyber security professional, you will likely encounter many of these battles, and understanding how to navigate them is essential.
These include:
- Golden handcuffs
- Not spending enough
- Waiting too long to start investing
- Not giving money away
- Working too much
- Not hiring an accountant and a lawyer
Master All the CrackMapExec Commands in This Ultimate Cheat Sheet
This CrackMapExec cheat sheet includes everything you need to get started with this powerful tool, which penetration testers, red teamers, and cyber security professionals use to test their systems against cyber attacks.
It includes everything from installation to common commands covering enumeration, brute force attacks, gaining access, post-exploitation, integrations, and advanced techniques.
Want Financial Freedom? Discover the Steps…
Ali Abdaal is an esteemed productivity expert and business owner who went from being a doctor to being a YouTube star. In this video, he shares his insights into achieving financial freedom, finding time to work on your side hustle, and taking the leap to becoming a business owner.
Key takeaways:
- You need to focus on the right things to achieve financial freedom.
- It takes sacrificing the here and now for a better tomorrow.
- Make time to make progress.
- Being a business owner is the easiest and fastest way to financial freedom.
“Every man has two lives; the second begins when he realizes he only has one.”
This insightful interview with renowned comedian Jimmy Carr sheds light on his inspirational journey, his surprising wisdom on many philosophical topics, and his life struggles.
I guarantee you will learn something from this interview, whether that is:
- Opening your mind to new perspectives.
- Finding the inspiration to fight back and make the most of life.
- Learning to become a better communicator and get people to listen.
Personal Notes
🤔 This week at Kraven has seen a renewed effort to push more content. You have probably seen an increase in my social media posts across X and LinkedIn recently. This is our team’s effort to reach a wider audience with more accessible content. We want to provide you with more insights, more content, and more value!
We are still trying to figure out what content you like best (e.g., stories, lessons, tips, etc.). If you do find value in our new content, please leave a comment or engagement so we can double down on it. We want to deliver as much FREE value as possible and believe the more knowledge we can share with the community, the safer we all will be. A rising tide lifts all ships.
With that said, enjoy the content and use the learning resources provided wisely. There are a lot of good insights that go beyond just cyber.