Daily BlueTeamSec Briefing

September 21, 2025

This briefing covers security developments from September 19th through 21st, Friday to Sunday, reviewing 19 articles from InfoSec feeds.

Threat Intelligence.

Akira ransomware continues targeting UK businesses across the retail, finance, manufacturing and medical sectors, with over 30 organizations impacted since 2023. The group follows a Conti-style playbook, gaining initial access through SSL VPN exploitation on Cisco ASA, SonicWall and WatchGuard devices, often taking advantage of missing MFA or unpatched vulnerabilities. A Bloomberg investigation revealed jailhouse confessions from an 18-year-old member of the Scattered Spider cybercrime group, detailing multimillion-dollar hacking operations. Reports indicate APT-C-00, also known as OceanLotus, is suspected of delivering Havoc Trojans in recent campaigns.

Malware.

FileFix campaigns have evolved beyond the proof-of-concept stage and now incorporate steganography techniques for payload delivery and evasion. ByteCaster, a new Swiss Army knife tool, supports 3 encryption algorithms, 4 encoding methods, and 14 output formats for payload obfuscation and conversion to byte arrays.

Vulnerabilities.

A zero-day vulnerability in macOS Spotlight allows malicious plugins to bypass TCC protections and access the sensitive databases that feed Apple Intelligence features, affecting systems up to and including macOS Tahoe. The vulnerability leverages a bug that is nearly a decade old but remains exploitable on current systems. Google has published research on SafeContentFrame, a new approach to rendering untrusted web content that goes beyond traditional sandbox domains.

Tools.

Microsoft has changed the distribution of its vulnerable driver block lists from browsable web pages to JSON format, prompting the creation of automated tools for SIEM integration. New research demonstrates GitHub Actions workflow tampering techniques for supply chain attacks, with proof-of-concept code released. Raw Gadget provides a low-level Linux interface for USB device emulation, while EarlyExceptionHandling implements novel hooking techniques without relying on traditional exception handlers.

Articles Covered