SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: "Haskers Gang" Introduces New ZingoStealer
Description: Cisco Talos recently observed a new information stealer, called "ZingoStealer," that has been released for free by a threat actor known as "Haskers Gang." This information stealer, first introduced to the wild in March 2022, is currently undergoing active development, and multiple releases of new versions have been observed recently. The malware leverages Telegram chat features to facilitate delivery of malware executable builds and data exfiltration. It can exfiltrate sensitive information such as credentials, steal cryptocurrency wallet information, and mine cryptocurrency on victims' systems. While this stealer is freely available and can be used by multiple threat actors, we have observed a focus on infecting Russian-speaking victims under the guise of game cheats, key generators and pirated software, which likely indicates a current focus on home users. The threat actor "Haskers Gang" uses collaborative platforms such as Telegram and Discord to distribute updates, share tooling and otherwise coordinate activities. In many cases, ZingoStealer also delivers additional malware, such as RedLine Stealer and the XMRig cryptocurrency miner, to victims.
References: https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
SNORT® SIDs: 59145, 59160, 59500 and 59501
Title: Cisco patches several new vulnerabilities related to Spring4Shell
Description: Cisco released fixes for multiple critical and high-severity vulnerabilities last week, some of which are related to the high-profile Spring4Shell vulnerabilities disclosed earlier this month. A management interface authentication bypass vulnerability in Cisco's wireless LAN management software (CVE-2022-20695) is the most severe of the vulnerabilities, with a severity score of 10 out of 10. An attacker could exploit this vulnerability to log in to the management interface using crafted credentials, potentially with the same access as the admin account. The company also announced in another critical advisory that it is still working on updates to some products to fix the Spring Framework vulnerability known as Spring4Shell.
References: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8
SNORT® SIDs: 59564 – 59569