31.07.2024

Windows Systems Crash Due to CrowdStrike Update
CrowdStrike, a global provider of security solutions for endpoint protection, cloud solutions, and user data, reported a system malfunction following the update of the Falcon Sensor. This malfunction caused significant disruptions for numerous global corporations. Airlines such as RyanAir and American Airlines, international banks, and Ukrainian companies, including Nova Poshta and Vodafone, reported operational issues.
The problem arose after installing the latest Falcon Sensor update from CrowdStrike. Upon loading the Windows OS, users encountered the Blue Screen of Death (BSOD), rendering the system inoperable. As of 31 July, this issue has been resolved.
Source: SOCRadar

UAC-0180 Attack on Ukrainian Defence Enterprises
The State Service for Special Communications and Information Protection of Ukraine recently detected a cyberattack by the UAC-0180 group on Ukrainian defence enterprises. The attack involved using GlueEgg malware to initially download other malware, DropClue data collection software, and Atera software to control infected systems remotely.

To avoid such attacks, email filtering by domains, file types, and links is recommended. Implementing employee training to reduce the risk of phishing attacks is also necessary.

Source: Державна служба спеціального зв'язку та захисту інформації України

Check Point Research Detects Stargazers Ghost Network of Malicious Accounts on GitHub
Check Point Research has discovered a network of GitHub accounts called the Stargazers Ghost Network that distributes malware and phishing links through fake repositories. This network operates as a distribution-as-a-service (DaaS) service.

The attackers use GitHub to distribute malicious scripts and encrypted archives via releases. The first active actions of this group were noticed in August 2022. In January 2024, the network distributed Atlantida Stealer via Discord, infecting over 1300 victims in 4 days. In the summer of 2024, the network distributed Rhadamanthys via short links on GitHub.

Source: Check Point

Exploiting CVE-2024-21412 to Steal Data
CVE-2024-21412 is a security vulnerability in Microsoft Windows SmartScreen caused by an error when handling maliciously crafted files. This vulnerability bypasses the SmartScreen dialog box and delivers malicious files. Over the past year, several attackers, including Water Hydra, Lumma Stealer, and Meduza Stealer, have exploited this vulnerability.

The attack begins with delivering a malicious URL to download an LNK file. After clicking on it, the LNK file downloads an executable file containing an HTA script. This script decodes and decrypts PowerShell code to retrieve the final URLs and download PDFs and malware injection tools. These files are intended to inject the hijacker into legitimate processes, initiating malicious activity and sending stolen data to the C2 server.

Source: Fortinet

PyPI Malware Targeting macOS to Steal Google Cloud Credentials Detected
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems to steal Google Cloud credentials.

A package called "lr-utils-lib" was uploaded to PyPI in June 2024, hiding its malicious code in the installation file. It was then downloaded 59 times before it was detected and removed. The malicious code checks whether it is installed on macOS by comparing the system's UUID with predefined lists of hashes. If the hashes match, the package tries to access files with Google Cloud credentials and transfers them to a remote server controlled by the attackers.

Source: The Hacker News