Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories
Malicious Versions of jQuery Spotted on GitHub
Unknown threat actors have been distributing trojanized versions of jQuery via npm, GitHub, and the jsDelivr CDN. The injected code sits inside the rarely used ‘end’ function and exfiltrates website form data.
Top 3 takeaways:
⛓️ The packages were assembled and published by hand, with varied naming conventions, indicating a persistent, hands-on supply chain campaign rather than an automated one.
🧑💻 The malicious jQuery file is hosted in a GitHub repository associated with the account “indexsc”, and the accompanying scripts point to the modified library.
🥸 Serving the file through jsDelivr makes the source look legitimate and lets it pass URL-filtering firewalls that trust the CDN’s domain.
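The practical defence against a swapped CDN copy is Subresource Integrity: pin the hash of the release you reviewed, and the browser refuses to run any file whose bytes differ, whichever domain served it. The following is an added example (not code from the article, from jQuery, or from jsDelivr) that computes SRI tokens and applies the browser’s verification rule to a constructed stand-in library and a constructed tampered copy; the library contents and the `sendElsewhere` name are illustrative only.

```python
import base64
import hashlib
import re

# Constructed stand-in for a library file served from a CDN (real jQuery is ~90 KB;
# the digest works the same on any bytes). Not the real jQuery source.
GOOD_LIBRARY = b"jQuery.fn.end = function () { return this.prevObject || this.constructor(); };\n"

# Constructed tampered copy: one extra statement inside the same function.
# Any byte-level change, however small, changes the SRI digest.
TAMPERED_LIBRARY = (
    b"jQuery.fn.end = function () { sendElsewhere(this); "
    b"return this.prevObject || this.constructor(); };\n"
)

SRI_ALGOS = {"sha256": 1, "sha384": 2, "sha512": 3}  # weakest -> strongest


def sri_digest(data: bytes, algo: str = "sha384") -> str:
    """Return the SRI token for data, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def pinned_script_tag(src: str, data: bytes) -> str:
    """Build a <script> tag whose integrity attribute pins the reviewed bytes."""
    return (f'<script src="{src}" integrity="{sri_digest(data)}" '
            f'crossorigin="anonymous"></script>')


INTEGRITY_RE = re.compile(r'integrity=["\']([^"\']+)["\']')


def verify_script_tag(tag: str, served: bytes) -> bool:
    """Apply the browser's SRI rule to the bytes actually served.

    A tag may carry several space-separated tokens; only tokens that use the
    strongest algorithm present count, and any one of them matching passes.
    A tag with no usable integrity attribute fails here so unpinned includes
    stand out in review."""
    m = INTEGRITY_RE.search(tag)
    if not m:
        return False
    tokens = [t for t in m.group(1).split() if t.partition("-")[0] in SRI_ALGOS]
    if not tokens:
        return False
    strongest = max(SRI_ALGOS[t.partition("-")[0]] for t in tokens)
    for token in tokens:
        algo = token.partition("-")[0]
        if SRI_ALGOS[algo] == strongest and token == sri_digest(served, algo):
            return True
    return False


if __name__ == "__main__":
    tag = pinned_script_tag("https://cdn.example.invalid/jquery.min.js", GOOD_LIBRARY)
    print(tag)
    print("genuine copy accepted:", verify_script_tag(tag, GOOD_LIBRARY))
    print("tampered copy accepted:", verify_script_tag(tag, TAMPERED_LIBRARY))
```

Two caveats worth keeping in mind: SRI only protects a pin you computed from a copy you trust, so it does nothing if the hash is taken from an attacker-controlled repository served through the CDN, and it does not cover scripts that a pinned file goes on to load at run time.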
Apple Removes VPN apps from the Russian App Store
Apple has removed 25 VPN apps from the Russian App Store at the request of Roskomnadzor, Russia’s telecommunications watchdog.
Top 5 takeaways:
📲 The targeted apps include NordVPN, Proton VPN, Red Shield VPN, Planet VPN, Hidemy.Name VPN, Le VPN, and PIA VPN.
🌐 The apps were removed because they provide access to content deemed illegal in Russia. VPNs are crucial in Russia for bypassing government censorship, which blocks many Western and local opposition media.
😡 VPN providers such as Red Shield VPN and Le VPN have criticized Apple’s decision and are exploring ways to work around the restrictions.
📆 Russia has been targeting VPN services since 2017, with increased efforts following the invasion of Ukraine in 2022.
🛂 This is part of Roskomnadzor’s broader efforts to control internet access and content within Russia, including blocking websites and disrupting social media during protests.
US Disrupts Russian AI-Powered Bot Farm Spreading Disinformation
Nearly 1,000 Twitter (X) accounts controlled by a Russian bot farm were taken down in a joint international operation led by the U.S. Justice Department.
Top 4 takeaways:
🥸 The bots used AI-enabled software called Meliorator to create authentic-looking social media accounts and spread disinformation.
😈 The disinformation operation was organized by a deputy editor-in-chief at Russia Today (RT) and a Russian FSB officer.
🌍 The takedown operation involved the FBI, Cyber National Mission Force, and international partners from Canada and the Netherlands.
🛡️ The Justice Department and international partners disrupted the bot farm and seized the domains, emphasizing their commitment to countering Russian aggression and protecting democratic processes.
ViperSoftX Malware Boosts Its Evasion Tactics
ViperSoftX is a sophisticated malware family that has kept evolving since it was first detected in 2020 and is now distributed as eBooks on torrent sites.
Top 5 takeaways:
🪲 The latest variants of ViperSoftX malware are using the Common Language Runtime (CLR) to load and execute PowerShell commands within AutoIt scripts, enhancing evasion tactics.
📚 The malware is being distributed via torrent sites as ebooks, delivering malicious RAR archives with decoy files and scripts disguised as JPG images.
⏱️ Once executed, it creates a Task Scheduler entry that runs every five minutes after the user logs in, maintaining persistence on the system.
🥷 ViperSoftX uses heavy Base64 obfuscation and AES encryption, and patches the Antimalware Scan Interface (AMSI) to bypass script scanning.
⚡ The malware collects detailed system information and sends it to a remote server, using techniques that blend in with legitimate traffic.
Microsoft Patches Vulnerability Exploited for 18 Months
Microsoft has fixed a high-severity MHTML spoofing vulnerability (CVE-2024-38112) that was actively exploited for around 18 months before the patch shipped.
Top 5 takeaways:
😈 Threat actors use Internet Shortcut (.url) files to open Internet Explorer (IE) and gain remote code execution, even on modern Windows 10/11 systems.
⚡ An mhtml: prefix on the shortcut’s URL forces Windows to open the link in IE rather than the default browser, bypassing the protections of modern browsers.
🥸 The .url files were disguised as legitimate documents (for example PDFs) and launched HTA files that installed password-stealing malware.
🪲 The malware could steal credentials, cookies, browser history, cryptocurrency wallets, and other sensitive data.
🛡️ Microsoft addressed the issue by unregistering the mhtml: URI from Internet Explorer and redirecting it to Microsoft Edge.
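Patched hosts now route mhtml: to Edge, but shortcuts already sitting in mailboxes and download folders are still worth hunting. The following is an added example (not code from the article, from Microsoft, or from the researchers who reported the bug): a small Python scanner that parses a .url file and flags the mhtml: prefix described above. The sample files are constructed, and the double-extension heuristic is our own assumption about how such lures are named rather than something the article states.

```python
import configparser
import io
import re

# Constructed sample files (not real campaign artifacts). Windows writes .url files in
# INI syntax with an [InternetShortcut] section, CRLF line endings and sometimes a BOM.
BENIGN_URL_FILE = "[InternetShortcut]\r\nURL=https://example.invalid/\r\n"
SUSPECT_URL_FILE = (
    "\ufeff[InternetShortcut]\r\n"
    "URL=mhtml:http://example.invalid/lure.htm\r\n"
    "IconFile=C:\\Windows\\System32\\shell32.dll\r\n"
    "IconIndex=1\r\n"
)

# The article's indicator: an mhtml: prefix hands the link to Internet Explorer.
MHTML_RE = re.compile(r"^\s*mhtml:", re.IGNORECASE)
# Heuristic of our own (an assumption, not from the article): a document extension in
# front of .url, e.g. Report.pdf.url, hides the shortcut behind a document-looking name.
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt)\.url$", re.IGNORECASE)


def parse_internet_shortcut(text: str) -> dict:
    """Return the [InternetShortcut] keys of a .url file, lower-cased, or {} if absent."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                          interpolation=None)
    try:
        parser.read_file(io.StringIO(text.lstrip("\ufeff")))
    except configparser.MissingSectionHeaderError:
        return {}
    section = next((s for s in parser.sections() if s.lower() == "internetshortcut"), None)
    return dict(parser.items(section)) if section else {}


def inspect_internet_shortcut(filename: str, text: str) -> list:
    """Return the reasons a shortcut deserves a closer look (empty list = nothing seen)."""
    findings = []
    fields = parse_internet_shortcut(text)
    url = fields.get("url", "")
    if MHTML_RE.match(url):
        findings.append("URL uses the mhtml: handler, which opens the link in Internet Explorer")
    if DOUBLE_EXT_RE.search(filename):
        findings.append("double extension disguises a .url shortcut as a document")
    return findings


if __name__ == "__main__":
    for name, body in (("site.url", BENIGN_URL_FILE), ("Invoice.pdf.url", SUSPECT_URL_FILE)):
        print(name, "->", inspect_internet_shortcut(name, body) or "clean")
```

Point it at a mail quarantine or a user’s Downloads folder by reading each *.url file and passing its name and contents to `inspect_internet_shortcut`; a hit on the mhtml: check is worth treating as a triage event on its own, since legitimate shortcuts have no reason to use that handler.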
Top Tips of the Week
Threat Intelligence
- Collaborate with threat intelligence vendors. Supplement internal capabilities with external expertise for more comprehensive insights.
Threat Hunting
- Stay informed on threat intelligence trends in cyber threat hunting. Knowledge of emerging techniques empowers more effective threat detection.
- Automate routine tasks to focus on in-depth analysis. Let automation enhance efficiency in threat hunting processes.
Custom Tooling
- Consider user feedback in custom tool iterations. Continuous improvement relies on understanding user experiences and needs.
- Consider scalability in custom tool design. Anticipate future growth and ensure your tools can handle increased demands.
- Optimize custom tools for resource efficiency. Minimize resource usage while maintaining optimal performance and responsiveness.
- Collaborate with legal and compliance teams. Ensure that custom tools adhere to relevant regulations and industry standards.
Feature Content
Cyber threat intelligence (CTI) is the art of gathering, analyzing, and understanding information about cyber security threats. It involves collecting data, transforming it into actionable intelligence, and distributing it to key stakeholders to improve your organization’s security posture.
To do this effectively, you need a platform to store and analyze the intelligence you collect. Let me introduce you to MISP…
Learning Resources
Get Control of Your Dopamine Now!
Learn the science of dopamine, its impact on our behavior, and how to manage it for better productivity and well-being. Ali Abdaal delves into the concept of dopamine detox and provides actionable strategies to control dopamine levels.
A very insightful look at how we can start taking control of our environment and improve our well-being.
Start Creating Content
Creating content is beneficial regardless of age, industry, or skill level. It allows you to express yourself and deepen your knowledge.
Not convinced? Watch this excellent video on how YouTube has positively impacted the creator’s life, even with a small subscriber count. It highlights the benefits of long-form content, reduced pressure, creating for oneself, and personal growth.
How to Secure Your Microsoft 365 Emails
In today’s high-stakes online world, you had better secure your emails with encryption. This video explains how to do just that in Microsoft 365. It covers the importance of email encryption, how to encrypt emails manually and automatically, and how to customize encrypted emails with company branding.
It is a must-watch for any security professional using Microsoft 365.
Make Epic Technical Tutorials Today
Discover how to use OBS Studio to record technical tutorials using picture-in-picture effects, custom scenes, and on-demand elements in this excellent video. You will also learn to optimize your video and audio settings to ensure high-quality recordings.
An awesome resource for anyone looking to level up their video content or remote work presentations!
Personal Notes
🤔 This week has been another one heavily invested in filming and editing video content. There has been a lot of learning, exploring, and mistakes, but we aim to improve on each video we make and reach a level where we can provide you with the content you deserve.
Our written articles are an excellent resource for anyone who wants to learn about cyber threat intelligence, threat hunting, or custom tooling. We hope our video content can reach the same level and provide more options for learning a topic, concept, or new skill that best suits your learning style.