Pantropic Newsletter #24

Posted December 28, 2023

by Sarah


Pantropic Newsletter #24 (September 2023)

Bing Chat responses infiltrated by ads pushing malware


Malicious ads infiltrate Microsoft’s Bing Chat, promoting fake download sites laden with malware. These deceptive ads exploit users’ trust in AI-driven chat tools, potentially leading to inadvertent clicks. The malvertising campaign imitates a popular IP scanner, leading to a risky redirect chain. While the final payload remains undisclosed, users must exercise caution when engaging with chatbot results to prevent potential cyber threats. Users are urged to stay vigilant and verify URLs before downloading anything.

(Source: Bleeping Computer)


BlackCat ransomware hits Azure Storage with Sphynx encryptor


BlackCat (ALPHV) ransomware strikes Azure cloud using stolen Microsoft accounts and a new Sphynx encryptor variant. Sophos discovered this during a breach investigation. Attackers compromised a Sophos Central account, disabled security, and encrypted systems and Azure storage. This group, possibly a DarkSide/BlackMatter rebrand, is known for global enterprise targeting and adaptation.

(Source: Bleeping Computer)


Adobe warns of critical Acrobat and Reader zero-day exploited in attacks


Adobe has issued critical security updates to patch a zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader. Attackers have actively exploited it on both Windows and macOS systems. This flaw allows code execution but requires user interaction and local access. Adobe advises immediate installation of the update, and other security issues in Adobe Connect and Adobe Experience Manager were also addressed.

(Source: Bleeping Computer)


Microsoft Teams phishing attack pushes DarkGate malware


A recent phishing campaign misuses Microsoft Teams messages to disseminate DarkGate Loader malware. Starting in late August this year, attackers sent phishing messages from compromised Office 365 accounts, convincing recipients to download a ZIP file. Opening the attachment triggers the download of DarkGate Loader, which is a versatile malware. This threat warrants close monitoring as it poses an increasing risk.

(Source: Bleeping Computer)


Billions of usernames and passwords leaked online — what you should do right now


DarkBeam, a digital risk protection company, left an online database unprotected, exposing over 3.8 billion user records. These records, including email addresses and passwords, were from previous breaches. Password reuse poses a significant risk, and users should consider enabling two-factor authentication to protect their accounts. Data leaks like this underline the importance of strong, unique passwords.

(Source: Tom's Guide)


Backup and Data Security Solutions


This “white glove” managed service is the next-generation secure offsite backup you need right now. We monitor your backups daily, help you troubleshoot any problems, and can assist you with restorations when you need them. Our Data Security Module can perform bi-directional anti-malware scans, content disarm and reconstruction (CDR), and protect your backups with biometric Deep MFA and multi-person workflow, crucial in stopping stolen credential attacks.


Leading desktop and laptop backup solution providing automated and continuous data backup protection with unlimited capacity backup licensing and flexible deployment options. Ensures fast and complete backup and recovery anytime, anywhere.


A next-generation endpoint protection platform using AI and machine learning to effectively stop breaches including true NGAV, endpoint detection and response (EDR), threat intelligence management and automation.


World’s largest security awareness training platform with simulated phishing attacks, educating and empowering employees to strengthen IT security against cybercriminals.


Copyright © 2023 Pantropic Online Pte Ltd. All rights reserved.