Phishing Scams for CrowdStrike Customers Continue, GitHub Vulnerabilities, and North Korea’s Ransomware Shift

Cybersecurity Digest for 26 July 2024

Today we discuss the following items:

Notable News
Crowdstrike Post Incident Report:
Falcon Content Update Remediation and Guidance Hub | CrowdStrike

Crowdstrike Phishing Campaigns:
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity (crowdstrike.com)
Malware Distributed Using Falcon Sensor Update Phishing Lure | CrowdStrike
Threat Actor Distributes Python-Based Info Stealer Using Fake Update (crowdstrike.com)

Apparent CrowdStrike Threat Actor List Leak:
Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List

Meta Ousts 63,000 accounts linked to Sextortion :
Combating Financial Sextortion Scams From Nigeria | Meta (fb.com)

Darknet Diaries Episode related to the Sextortion Scams:
The Pig Butcher – Darknet Diaries

Rapid7 Malware Campaign using Fake W2:
Malware Campaign Lures Users With Fake W2 Form | Rapid7 Blog

GitHub Deleted and Private Repo Access:
Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.

GitHub Accounts Distributing Malware:
Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com)

Windows SmartScreen Flaw:
Windows SmartScreen Flaw Enabling Data Theft in Major Stealer Attack (hackread.com)

Apt45 Shifts from Espionage to Ransomware:
APT45: North Korea’s Digital Military Machine | Google Cloud Blog

Related CISA Advisory:
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA

Prevalent Patches
Google Chrome Fixes Vulnerabilities:
Chrome Releases: Stable Channel Update for Desktop (googleblog.com)

Docker Fixes Authentication Bypass:
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine | Docker

Siemens Fixes Closes Backdoors:
SSA-071402 (siemens.com)

Progress Telerik Vulnerability:
Insecure Deserialization Vulnerability - Telerik Report Server

CISA Alert:

BIND 9:
ISC Releases Security Advisories for BIND 9 | CISA
Related news:
BIND DNS Server Vulnerability Lets Attackers Flood Server (cybersecuritynews.com)