20 June 2022 Weekly Newsletter


NEWSLETTER

Massive campaign uses YouTube to push password-stealing malware

LATEST CYBER HACKS


Gallium hackers backdoor finance, govt orgs using new PingPull malware

The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.


Large-scale Facebook Phishing Operation Discovered

Researchers disclosed a large-scale phishing operation targeting Facebook and Messenger to lure millions of users. The users are drawn to phishing pages, from where their credentials are stolen and ads are displayed for revenue generation.

Credentials for thousands of open source projects free for the taking—again!

At least one million users of a Chinese-run VPN service have had their personally identifiable information (PII) exposed due to a misconfigured Elasticsearch server, Infosecurity can reveal.

VULNERABILITIES


Three PyPI Packages Found Including Password Stealer by Mistake

In an unusual turn of events, the PyPI packages 'keep,' 'pyanxdns,' and 'api-res-py' were discovered to contain a backdoor due to the presence of a malicious 'request' dependency in some versions.
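As an added example, not code from the newsletter or from the affected projects: a small dependency audit that normalizes names the way PyPI does (PEP 503) and flags the 'request' name reported in the item above, plus any name one edit away from a short list of well-known packages. The watchlist, the known-good list and the sample requirements file are constructed for illustration.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed lists for illustration. 'request' is the dependency name the
# newsletter item reports; the known-good names are assumptions for the demo.
WATCHLIST = {"request"}
KNOWN_GOOD = {"requests", "urllib3", "cryptography"}

# Project name at the start of a requirement specifier (before ==, >=, [extras], ;).
_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(line: str) -> Optional[str]:
    """Return the normalized project name from one requirements.txt line.

    Comment-only, blank and option lines (e.g. '-r other.txt', '-e .') yield None.
    """
    stripped = line.split("#", 1)[0].strip()
    if not stripped or stripped.startswith("-"):
        return None
    m = _NAME_RE.match(stripped)
    return normalize(m.group(1)) if m else None


def edit_distance_le1(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if len(a) > len(b):
        a, b = b, a
    # a is one character shorter: does deleting one character of b give a?
    return any(b[:i] + b[i + 1:] == a for i in range(len(b)))


def audit_requirements(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for every suspicious dependency, in file order."""
    findings = []
    for line in lines:
        name = parse_requirement(line)
        if name is None:
            continue
        if name in WATCHLIST:
            findings.append((name, "on watchlist"))
            continue
        if name in KNOWN_GOOD:
            continue
        for good in KNOWN_GOOD:
            if edit_distance_le1(name, good):
                findings.append((name, f"lookalike of {good}"))
                break
    return findings


# Constructed sample input; 'urlib3' is a made-up lookalike for the demo.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
requests>=2.28
request           # the dependency name reported in the PyPI item above
urlib3==1.26.9    # constructed lookalike (one character dropped)
dnspython
-e .
"""

if __name__ == "__main__":
    for name, reason in audit_requirements(SAMPLE_REQUIREMENTS.splitlines()):
        print(f"{name}: {reason}")
```

Run it against a real requirements file by passing `open(path)` to `audit_requirements`; an empty list means nothing matched the watchlist or the lookalike check, which is evidence of absence only for the names on those lists.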


New Botnets Target Critical Vulnerability in Confluence Servers

Multiple botnets are abusing a critical remote code execution vulnerability in Atlassian Confluence Server and Data Center to infect the Linux servers running them.


Apple M1 chip contains hardware vulnerability that bypasses memory defense

Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.

MALWARE


New Syslogk Linux rootkit uses magic packets to trigger backdoor

A new Linux rootkit named 'Syslogk' is being used in attacks to hide malicious processes, using specially crafted "magic packets" to wake a backdoor lying dormant on the device.


PurpleFox Adds New Backdoor That Uses WebSockets

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds.

GENERAL NEWS


CISA Outlines Bad Practices Every Organization Should Avoid

At the RSA Conference 2022, Donald Benack, deputy associate director at the Cybersecurity and Infrastructure Security Agency (CISA), and Joshua Corman, founder of I am the Cavalry, outlined what the US Government sees as the three most critical bad practices for IT today.


Metasploit 6.2.0 improves credential theft, SMB support features, more

Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021. Metasploit is a penetration testing framework that includes 864 payloads and 2,227 exploits that can be used to target vulnerabilities and test a network's defenses.

COMM-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multiple trusted feeds and was not created by COMM-CIRT.