Shaarli Daily

All links of one day on a single page.

October 14, 2022

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs

Microsoft Office 365 Message Encryption (OME) utilises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.

New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts

ThreatLabz has discovered, hiding in app stores, a PHP variant of the Ducktail infostealer used to hijack Facebook Business accounts.

Software Delivery Shield protects the software supply chain

Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.

Threat Alert: Private npm Packages Disclosed via Timing Attacks

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages.

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
  • Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
  • The Alchimist has a web interface in Simplified Chinese with remote administration features.
  • The attack framework is designed to target Windows, Linux and Mac machines.
  • Alchimist and Insekt binaries are implemented in GoLang.
  • This campaign consists of additional bespoke tools such as a MacOS exploitation tool, a custom backdoor and multiple off-the-shelf tools such as reverse proxies.