Here are this week’s highlights in cybersecurity:

  • The WatchDog group is targeting exposed Docker Engine API endpoints and misconfigured Redis instances to install cryptocurrency-mining software. The group reuses many of TeamTNT's Tactics, Techniques & Procedures (TTPs). Researchers assess with high confidence that WatchDog is continuing to repurpose TeamTNT payloads, as it has done in the past. More
  • Yuga Labs' Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised. Using a community manager's account, the attackers posted an announcement linking to a phishing website. They stole over $257,000 in Ethereum and thirty-two NFTs. More
  • US military hackers have conducted offensive operations in support of Ukraine, says the head of US Cyber Command & the NSA. He told Sky News: “We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations”. More
  • A Chinese APT called LuoYu deploys malware using a man-on-the-side attack. The Command & Control server the malware connects to is chosen at random from a pool of 48,000 IP addresses. It also tries to connect to non-existent domains (“microsoftcom”), suggesting a man-on-the-side attacker who is able to intercept all network traffic and even modify it if needed, according to Kaspersky. More
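
The two misconfigurations behind the WatchDog item (a Docker Engine API listening on plain TCP with no authentication, and a Redis instance that answers commands without a password) are easy to check for from the outside. The script below is an added example, not code from the original post or from the researchers' report: it sends GET /version to the Docker API and a RESP PING to Redis and classifies the replies. The port numbers, the "open"/"auth-required" labels and the loopback stand-in listener are assumptions so that the probes can be exercised offline.

```python
"""Probe a host for the two misconfigurations WatchDog abuses: a Docker Engine
API reachable over plain TCP without authentication, and a Redis instance that
answers without a password. Added example, not from the original post or the
researchers' report. Port numbers and result labels are assumptions; the
loopback listener below is constructed so the probes run without a real target.
"""
import http.client
import json
import socket
import threading

DOCKER_PORT = 2375   # assumed: Docker's conventional plaintext API port
REDIS_PORT = 6379    # assumed: Redis default port


def classify_docker_version(body: bytes) -> str:
    """Classify the body of GET /version. A JSON object carrying ApiVersion means
    the daemon answered an unauthenticated request, so anyone who can reach the
    port can create containers (and bind-mount the host filesystem into them)."""
    try:
        info = json.loads(body)
    except ValueError:          # JSONDecodeError and UnicodeDecodeError both derive from it
        return "not-docker"
    if isinstance(info, dict) and "ApiVersion" in info:
        return "open-docker-api"
    return "not-docker"


def classify_redis_reply(reply: bytes) -> str:
    """Classify the RESP reply to an unauthenticated PING."""
    if reply.startswith(b"+PONG"):
        return "open-redis"        # no requirepass: CONFIG SET / SAVE can write files
    if reply.startswith(b"-NOAUTH"):
        return "auth-required"
    if reply.startswith(b"-"):
        return "redis-error"       # e.g. protected mode refusing a non-local client
    return "not-redis"


def probe_docker(host: str, port: int = DOCKER_PORT, timeout: float = 3.0) -> str:
    """GET /version over plain HTTP; http.client handles Content-Length and chunking."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")
        return classify_docker_version(conn.getresponse().read())
    finally:
        conn.close()


def probe_redis(host: str, port: int = REDIS_PORT, timeout: float = 3.0) -> str:
    """Send PING as a RESP array and classify the first reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"*1\r\n$4\r\nPING\r\n")
        return classify_redis_reply(s.recv(256))


def serve_once(reply: bytes) -> int:
    """Constructed stand-in for a listening service: accept one connection on an
    ephemeral loopback port, read the request, send `reply`. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        client, _ = srv.accept()
        with client:
            client.recv(4096)
            client.sendall(reply)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def fake_docker_reply(body: bytes) -> bytes:
    """Minimal HTTP/1.1 response wrapping a constructed /version body."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(body)) + body


if __name__ == "__main__":
    docker_body = b'{"ApiVersion":"1.41","Version":"20.10.17"}'   # constructed sample
    print(probe_docker("127.0.0.1", serve_once(fake_docker_reply(docker_body))))   # open-docker-api
    print(probe_redis("127.0.0.1", serve_once(b"+PONG\r\n")))                       # open-redis
    print(probe_redis("127.0.0.1", serve_once(b"-NOAUTH Authentication required.\r\n")))  # auth-required
```

Against a real host, call `probe_docker(host)` and `probe_redis(host)` with the defaults; an `open-docker-api` or `open-redis` result is exactly the state the cryptomining campaign looks for, and the fix is to put the Docker API behind TLS client certificates (or a Unix socket only) and to set `requirepass` and bind Redis to a private interface.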

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.