Security Bulletin

Efforts to recover impacted systems are already underway amid an ongoing investigation into the source and extent of the cybersecurity incident.

Instant messaging app Viber had over 740GB of data admitted to having been compromised by pro-Palestinian hacktivist group.

McDonald's also reiterated that there is no association between the incident — which was reported in Japan, Bangkok, London, Milan, Denmark, Australia, and the UK and has since been resolved.

AT&T has emphasized that none of its systems have been breached as it vehemently denied that data allegedly stolen from a 2021 hack by ShinyHunters.

The International Monetary Fund had 11 of its email accounts compromised following a cyberattack last month.

Lazarus, which has since tapped the Sinbad.io and Blender.io crypto-mixing services to launder proceeds from the Atomic Wallet, Axie Infinity, and Horizon Bridge attacks, may have been looking to conceal transactions with the recent use of Tornado...

All 17 repositories used in the campaign, which GitHub has already removed, had a README.md file that aimed to establish legitimacy with the inclusion of four green Unicode circles.

Intrusions targeting servers impacted by the high-severity direct traversal aiohttp Python library vulnerability have been increasingly deployed by suspected ransomware-as-as-service affiliate ShadowSyndicate.

Rather than merely responding as vulnerabilities are discovered, teams have to take a more proactive approach and stamp out bugs well before the exploit.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Joshua Woodward, an ISC intern as part of the SANS.edu BACS program]

This PE file contains an obfuscated hexadecimal-encoded payload. When I analyze it with base64dump.py searching for all supported encodings, a very long payload is detected: