"Hackers use VPN provider's code certificate to sign malware."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 20 August 2023, 1402 UTC.  Content provided by ""

Source: ("").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (

Hackers use VPN provider's code certificate to sign malware

  • The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider.

  • rust background

Rust devs push back as Serde project ships precompiled binaries

  • Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. This has generated a fair amount of concern among some developers who highlight the future legal and technical issues this may pose, along with a potential for supply chain attacks.

  • LockBit 3.0

The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice

  • While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.

  • WinRar

WinRAR flaw lets hackers run programs when you open RAR archives

  • A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.

  • Microsoft

Hotmail email delivery fails after Microsoft misconfigures DNS

  • Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record.


Interpol arrests 14 suspected cybercriminals for stealing $40 million

  • An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023.

  • BlackCat ALPHV ransomware

Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom

  • Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.

  • Hacker

Hackers ask $120,000 for access to multi-billion auction house

  • Hackers have breached the network of a major auction house and offered access to whoever was willing to pay $120,000.

  • PowerShell

Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks

  • Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.

  • Zimbra

Phishing campaign steals accounts for Zimbra email servers worlwide

  • An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide.

  • Windows

Windows Task Manager refresh can be paused using CTRL key

  • A very useful and previously unknown Windows tip was revealed this week, where you can halt process jumping in Task Manager by holding down the Ctrl key on your keyboard, allowing easier access to a listed process.

  • Android

Thousands of Android APKs use compression trick to thwart analysis

  • Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms.

  • Anonfiles

File sharing site Anonfiles shuts down due to overwhelming abuse

  • Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users.

  • CISA

CISA warns of critical Citrix ShareFile flaw exploited in the wild

  • CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.

  • Google

Google released first quantum-resilient FIDO2 key implementation

  • Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich.



Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.