Threat Intelligence Snapshot: Week 50, 2023


QuoIntelligence’s Weekly Intelligence Snapshot for the week of 7 – 13 December 2023 is now available! Find a summary here.

Cyber Highlights

Incident

Operation Blacksmith: Lazarus Targets Organizations Worldwide Using Telegram-based Malware

Industries impacted: Communication Services, Consumer Staples, Government, Health Care, Industrials

The Lazarus group still leverages CVE-2021-44228, also known as Log4Shell, conducting reconnaissance on vulnerable VMware servers and deploying a Telegram-based remote access trojan on infected devices.

Vulnerability

Patch Tuesday: Microsoft Patches 34 Flaws, Four Critical and One Zero Day; Various Vendors Patch Actively Exploited and Critical Flaws

Microsoft released its monthly Patch Tuesday security updates, which include fixes for 34 vulnerabilities, four of which are rated critical, including one zero-day vulnerability. Microsoft is not aware of public exploitation of these vulnerabilities.

Rollups

Industries impacted: Communication Services, Energy, Government

  • NCSC Reports About Ongoing Spear-Phishing Campaign By Russian APT Star Blizzard
  • Researchers Uncovered An Active Directory DNS Spoofing Exploit
  • Operational Overlaps Between Sandman and Storm-0866 Highlight the Complex Nature of the China-Based Threat Landscape
  • TA4557 Targets Recruiters by Applying to Open Job Listings
  • APT28 Uses Israel-Hamas War Lures to Deliver the Headlace Backdoor to Worldwide Targets
  • WordPress Backup Migration Plugin Flaw Exposes 90,000 Websites to Remote Code Execution

Geopolitical Highlights

New Climate Change Legislation To Increase Compliance and Reputational Risks For Companies

As regulatory and civil society scrutiny increases over climate change commitments, compliance and reputational risks for businesses are also growing. QuoIntelligence outlines the key elements of the EU corporate sustainability due diligence directive.

Rollups

Industry impacted: Information Technology

  • EU Parliament and Council Reach Political Agreement on Artificial Intelligence Act
  • The Netherlands And South Korea To Form a Semiconductor Alliance
  • US House of Representatives’ Committee Calls for Stress-Testing US Banks for Potential Loss of Market Access to China
  • US and UK Antitrust Authorities Are Conducting Preliminary Inquiries on Microsoft’s OpenAI Investment

Vulnerability Alerts

(The following alert has been pushed to Premium customers via Mercury)

  • 12 December – Patch Tuesday: Microsoft Patches 34 Flaws, Four Critical and One Zero Day; Various Vendors Patch Actively Exploited and Critical Flaws
