CyberSecurity Knuggets

May 04, 2024

I just heard about a new and highly advanced malware strain called Cuttlefish that’s infecting both SOHO and enterprise-grade routers. The malware intercepts network traffic passing through the router and scans it for text markers in URLs that reference passwords, keys, tokens, and other authentication-related items. It actively scans for 126 such markers and seeks authentication details for cloud-based resources, which could let attackers move across networks or mount supply chain attacks. Cuttlefish can also perform DNS and HTTP hijacking inside the router’s internal network, which makes it a sophisticated and dangerous piece of malware. The potential implications for data privacy and security are concerning and call for immediate attention to prevent further exfiltration of sensitive information.
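Since Cuttlefish looks for secrets carried in URLs, a useful defensive exercise is to check your own proxy or access logs for the same thing, so credentials can be moved out of query strings (and off plain HTTP) before a compromised router ever sees them. The script below is an added illustration, not code from the original item or from any Cuttlefish analysis; the marker list, log format and log lines are all constructed for the example and do not reproduce the malware's real 126 markers.

```python
"""Find URLs in access-log lines that carry credential-like query parameters.

Added example: the marker list and the log lines are constructed, and the
log format (client, method, URL, status) is an assumption for illustration.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed, illustrative markers; the real malware's list is not reproduced.
SECRET_MARKERS = ("password", "passwd", "pwd", "token", "api_key", "apikey",
                  "secret", "auth", "session")

# Constructed sample log lines: "<client> <method> <url> <status>".
SAMPLE_LOG = """\
10.0.0.12 GET http://intranet.example/login?user=alice&password=hunter2 200
10.0.0.12 GET https://api.example.com/v1/items?page=2 200
10.0.0.33 GET http://cloud.example/auth?access_token=PLACEHOLDER_TOKEN 200
10.0.0.33 POST https://files.example.net/upload 201
"""

LINE_RE = re.compile(r"^(?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$")


def find_secret_params(url):
    """Return [(parameter_name, url_scheme)] for query parameters whose
    name contains one of the markers. Values are deliberately not returned,
    so the scanner itself does not copy secrets around."""
    parts = urlsplit(url)
    hits = []
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        lowered = name.lower()
        if any(marker in lowered for marker in SECRET_MARKERS):
            hits.append((name, parts.scheme))
    return hits


def scan_log(text):
    """Scan log text and return one finding per credential-like parameter.
    'cleartext' flags plain-HTTP URLs, which are readable on the wire."""
    findings = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue  # skip lines that do not fit the assumed format
        url = match["url"]
        for param, scheme in find_secret_params(url):
            findings.append({
                "client": match["client"],
                "host": urlsplit(url).hostname,
                "param": param,
                "cleartext": scheme == "http",
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run against real logs, the findings point at the applications that should be changed to send credentials in headers or request bodies over TLS; a router-level interceptor sees the full URL of plain-HTTP requests, and the path and query of HTTPS requests are only protected if the client actually uses TLS end to end.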

Furthermore, there are reports of a vulnerability pattern affecting popular Android apps that could allow a malicious app to overwrite files in another application’s home directory, potentially leading to arbitrary code execution or token theft. The pattern involves the Android component that manages datasets shared between applications, and Microsoft has identified several vulnerable Android apps with over four billion downloads combined. Microsoft has also provided guidance to help Android developers avoid implementing this pattern, but the issue requires immediate attention to prevent potential exploitation.
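The core of the pattern is a file name supplied by another application being joined into the receiving app’s private directory without validation. The snippet below is an added illustration in Python, not Android code and not from the original item or from Microsoft’s guidance; it shows the risky join beside a hardened version that accepts only a single path component and confirms the normalized result stays inside the app directory. The directory and file names are constructed for the example.

```python
"""Untrusted file name handling: the risky join and a hardened check.

Added example. The directory and names below are constructed; the logic is a
general path-containment check, not the Android API itself.
"""
import posixpath

# Constructed: stands in for the receiving app's private files directory.
APP_FILES_DIR = "/data/data/com.example.victim/files"


def vulnerable_target_path(files_dir, display_name):
    """The risky pattern: a name from another app is joined straight into
    this app's directory, so '../' segments walk out of it."""
    return posixpath.join(files_dir, display_name)


def hardened_target_path(files_dir, display_name):
    """Accept only a plain file name, then verify containment after
    normalization. Raises ValueError on anything suspicious."""
    if not display_name or display_name in (".", ".."):
        raise ValueError("empty or reserved name")
    if "/" in display_name or "\\" in display_name or "\x00" in display_name:
        raise ValueError("separators and NUL are not allowed in a file name")
    base = posixpath.normpath(files_dir)
    candidate = posixpath.normpath(posixpath.join(base, display_name))
    # Belt and braces: even after the checks above, confirm the result is
    # still underneath the base directory.
    if posixpath.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the app directory")
    return candidate


def classify(files_dir, names):
    """Run each name through both versions and report where the vulnerable
    join would have written versus whether the hardened check accepts it."""
    report = {}
    for name in names:
        unsafe = posixpath.normpath(vulnerable_target_path(files_dir, name))
        try:
            safe = hardened_target_path(files_dir, name)
            verdict = "accepted"
        except ValueError as exc:
            safe, verdict = None, f"rejected: {exc}"
        report[name] = {"vulnerable_writes_to": unsafe, "hardened": verdict,
                        "safe_path": safe}
    return report


if __name__ == "__main__":
    # Constructed names: one benign, two traversal attempts, one with a separator.
    for name, result in classify(APP_FILES_DIR, [
        "report.pdf",
        "../shared_prefs/creds.xml",
        "../../com.example.victim/lib/hook.so",
        "sub/dir.txt",
    ]).items():
        print(name, "->", result)
```

The point the report makes visible is that for a traversal name the vulnerable join lands in a sibling directory such as `shared_prefs`, where the app keeps tokens, while the hardened version refuses the name before any file is opened.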

In addition, the FBI and National Security Agency have released a joint cybersecurity advisory detailing how APT Kimsuky is exploiting weak DMARC configurations to impersonate organizations in phishing attacks. The group’s primary objective is to steal valuable intelligence regarding geopolitical events and other nations’ foreign policy strategies for the Kim Jong Un regime. Because the phishing is highly targeted and convincing, organizations need to adopt stricter DMARC configurations so that threat actors like Kimsuky cannot send email that appears to come from their domains. This is a critical issue that needs immediate attention to prevent further disruptions to VPN connections.
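A quick way to see whether your own domain has the weakness the advisory describes is to pull the `_dmarc` TXT record and read its policy tag. The checker below is an added example, not from the advisory or the original item; it parses a DMARC record string, reports whether the published policy actually blocks spoofed mail (`p=quarantine` or `p=reject`) and lists anything that waters the policy down. The sample records are constructed, and fetching the record from DNS is left to whatever resolver tooling you already use.

```python
"""Assess a DMARC TXT record for the weak configurations that make domain
spoofing easy.

Added example. The sample records below are constructed; the tag semantics
(p, sp, pct, rua) follow the DMARC specification.
"""

# Constructed sample records: the weak setting beside the corrected one.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRICT_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
PARTIAL_RECORD = "v=DMARC1; p=quarantine; pct=10; sp=none"


def parse_dmarc(record):
    """Split 'v=DMARC1; p=none; rua=...' into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    return tags


def assess_dmarc(record):
    """Return (blocks_spoofing, notes).

    blocks_spoofing is True only when p= is quarantine or reject. notes lists
    settings that weaken an otherwise-enforcing policy. A missing record is
    treated as the weakest possible configuration.
    """
    if record is None:
        return False, ["no DMARC record published: receivers apply no policy"]
    tags = parse_dmarc(record)
    notes = []
    policy = tags.get("p", "").lower()
    blocks = policy in ("quarantine", "reject")
    if not blocks:
        notes.append(f"p={policy or '(missing)'} lets spoofed mail be delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        notes.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if tags.get("sp", "").lower() == "none":
        notes.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        notes.append("no rua= address: you will not see spoofing attempts")
    return blocks, notes


if __name__ == "__main__":
    for label, record in [("weak", WEAK_RECORD), ("strict", STRICT_RECORD),
                          ("partial", PARTIAL_RECORD), ("missing", None)]:
        blocks, notes = assess_dmarc(record)
        print(f"{label:8} blocks spoofing: {blocks}  notes: {notes}")
```

The distinction the checker draws is the one that matters operationally: `p=none` only asks receivers to report, so a forged message from your domain still lands in the target’s inbox, while `quarantine` or `reject` tells receivers to act on the failure.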

Stay Well!