And before that i would like to request you. If you are new on this channel, then please subscribe the channel. If you want to support us, then please share this video uh as much as you can so lets discuss the previous week top five attacks, the first one is the fin it. Definitely the apt hackers attacks financial institutions using sophisticated web door. We have discussed in the previous video if you havent, seen that you can just click on the die button and you you, you can also go in the cybersec live channel. You will get that video so and the second one there was a vulnerability in f5, big ip uh in the vaf and awm, so that flawlet hackers execute our ability system command. So if you have f5 big ip of wef, then you can. You can just uh mitigate those one levity or you can say you can upgrade those uh versions. So we wear new whatsapp mode, uh hack, your mobile, to spy, your activities and steal sms data, a new iphone, zero click. I message zero day used to deploy pegasus spyware. This one is uh highly vulnerable for iphone uh. Those who have iphone then definitely they have the imessage and face appetite. So that is one of the things and uh the pegasus spyware, uh were able to hack. You can say: uh were able to hack against ios version of 14 and above and the fifth fifth one.
We have cloudflare recorded 17.2 million requests per second largest http ddos attack ever detected, but they have one of the automatic tool for ddos attack. So they there was no impact on them and the last one we ran somewhere attack at singapore, eye clinic potential breaches and there was 70 3000 patients data. Okay, great so lets move towards our uh this week attacks so the first one is black tooth, which is one of the apt icos new bluetooth, buglet hacker perform ace and dos attack on millions of devices, and in this you can say there are whatever the chipset Companies, you can say you can take intel, you can take a qualcomm and many more, they are vulnerable and let me show you that how it is vulnerable, so the threat actors are that there is directors of blacktooth who detected singapore university of technology and design uh Vulnerability discovered, what was that is vulnerability, discovered features, pages execution. This is the cve, and this is a cv for this request. Duplicated ioc. I mean this. These are the only three i have im showing you, but there are many more. There are many more you can. Just go through that uh link in the description, and you will get more things as well. So the summary, let me tell you, the threat actors of blacktooth only requires a chip, esp32 development kit, along with a custom, lmp5 firmware and a pc to run the poc tool during their attack organization affected, intel, qualcomm, say press and there are.
There are many more chips: companies uh! You can go through that description as well. Okay, so affected bt yeah. So these are the affected bt. Bluetooth. 5.2. If you have 1.0 point four point, two to four point or not right and 3.0. So these are the bt. Are affected and device is affected if you have a smartphone in 1400 systems, laptop desktop systems, audio devices in speakers head phones, you can say – and there are many more you can say home – entertainers you, whatever you have devices in your home, that is also vulnerable. That is affected devices, so mitigation bitty, firmware patches has been released, so you can go and that is directly is going to be upgrade for the reference video that how you can do this this attack, you can just go through this video. You will get to know more about this number two. We have log file. Ransomware exploit proxy shell. One of it is microsoft, exchange server. So, okay, sorry, okay, the thread! Our name is log file ransomware right and it is some somewhere similar to log veteran somewhere vulnerable app is a microsoft exchange servers, summaries, uh, microsofts action servers were hacked by a by a very new ransomware gang that is lock file according to the cyber security expert. This ransomware game has appeared in the july 2021. However, the main motive of this answer is to encrypt windows domains soon after hacking into microsoft, exchange servers and this they do with the help of proxy shell one levity.
So there are many vulnerabilities regarding proxy shell uh. We have just covered the uh. This cv you can see here. These are the vulnerabilities discovered earlier those cv we have. You can go through that so that what is the mitigation the ransomware gang uses, both microsoft exchange proxy shell vanities and this window, uh windows, 31 and tlm relevant levity. So, according to the researcher, its quite important that windows administrators must install the latest updates so make sure that you have the latest updates. Well, in this case of proxy shell vulnerabilities, the user can install the most advanced microsoft exchange camera tip updates, as it will help to pass the vulnerability. Well, i can say guys that ransomware definitely these these patches might be affected right, but it it is very complicated and researchers are still investigating that how they can patch this one. These things, because ransomware is always a typical thing for any of the researcher. You can say number three: we have a phishing campaign. Microsoft wants of a wide space, phishing campaign to steal, login credentials, so lets see how actually they are doing and its a very interesting case so who detected security researcher of microsoft. The security researcher of microsoft have reported about a new phishing campaign that they have detected recently uh. What what actually they are trying to do. Let me show you uh, okay, so credential phishing via open redirect. So basically, there is some link right and there is some domain im going to show you and how they are targeting they are targeting through the phishing attack.
They are giving you one of the link you there and uh just telling you to enable those things just telling you to click on those things. Once you will click on there. You will directly redirect to the page where you will have to enter the captcha once you will enter the captcha. It will again redirect to the microsoft page uh, microsoft page, the fake page. You can say the link is not legitimate and you will have to enter the uh. You can say credential thats how it is working. So the method is the link redirecting to phishing pages. Ask for the captcha. Once you will find the capture identity, direct to microsoft, microsoft, page and ask for the credentials, so these are the domains ct xyz, you can say these are the domains they have used. What is the mitigation so do not click on any link before analyzing? It do not revert back to any of the email which is not legitimate and apply anti phishing, thats, quite very important. So if you havent uh buy my course of for the email how to analyze the phishing email, you can just go in the description and you can buy those courses. Okay, the fourth one. We have new malware family using c lfs, lock files to evade the detection. Now lets see, the third name is malware is being called private log. This is according the to the researchers they they found. One of the files regarding private log and the installer was named as stash log who detected the service security researcher of fire eyes.
This is the same of a company. You can see the organization who detected uh if im not wrong. Uh there there was a recently uh sunburst one of the virus, which is uh. You can, if you, if you can remember the solar wind attack right. So there was a sunburst which is one of the virus or malware that was uh detected by fire. So the summary – the researcher of iras mandate, advanced practices, team, have revealed this and the malware depends on the common log file system to cover a second stage payload in the registry transaction file, so that they can easily evade detection mechanism. Clfs is logging pro framework right. So you might be have some difficulty to know about clfs, so its a logging pro logging framework and microsoft built that for windows, vista cliff, is a prominently used by the kernel transaction manager that is ktm for both transactional and tfs, as well as the our transactional Registry, so its very important – and i guess it is uh in every operating system. So all these things that are used by the private log and stash log are office vacated. Obviously it means that is, you can say, hidden right. Hiding of data, the the technique of uh hiding that right is known as office for kitted, so dll files after an office wicket after uh, they unhidden those things and they found that there are two for dll file that is p rntvpt.