AT&T Alien Labs yesterday released a report on the SideWinder threat actor. SideWinder is believed to have been active at least since 2012, but Alien Labs concentrates on operations since 2017. Its usual tactics include spearphishing, “document exploitation, and DLL Side Loading.” Attribution is uncertain, but SideWinder has been most often reported active against Pakistani military targets, and Alien Labs thinks “with low to medium confidence” that SideWinder is an Indian operation. It seems at the very least to work in support of Indian interests.
Google’s Project Zero has begun a series on zero-days it’s found undergoing active exploitation in the wild. This week it describes a set of four that were used to craft malicious websites to entrap Windows and Android users. The campaign was sophisticated, evasive, and expensive to mount. The vulnerabilities exploited (CVE-2020-6418, Chrome Vulnerability in TurboFan; CVE-2020-0938, Font Vulnerability on Windows; CVE-2020-1020, Font Vulnerability on Windows; and CVE-2020-1027, Windows CSRSS Vulnerability) were all fixed in 2020.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about successful cyber operations directed against cloud services whose users are afflicted with poor cyber hygiene. CISA’s Analysis Report also includes a set of recommendations for ways in which enterprises can improve their cloud security.
Group-IB this morning released a report about Classiscam, a scam-as-a-service criminal enterprise hawking malicious classified ads.
BankInfo Security says SolarLeaks has added Microsoft and Cisco code to their offerings, joining SolarWinds and FireEye swag. There’s still no solid evidence the offer's genuine.