Beware the toll of deception: The FBI warned about a widespread SMS phishing attack that is ensnaring Americans with bogus road toll fee notifications. Speaking of phishing campaigns, attackers were found impersonating the Exodus crypto wallet interface to deploy FatalRAT. A new cyberespionage campaign was unveiled in South Asia, disseminating the LightSpy iOS spyware. Here are the top 10 highlights from the weekend.
01
The FBI issued a warning about a large-scale SMS phishing attack targeting Americans with fake road toll fee messages, prompting over 2,000 complaints.
02
A sophisticated phishing campaign mimicked the Exodus cryptocurrency wallet interface to lure Chinese-speaking individuals and organizations and infect them with FatalRAT and other malware.
03
Test files containing the XZ Utils backdoor were found in the liblzma-sys Rust crate, impacting over 21,000 downloads. The test files were identified in version 0.3.2, leading to their removal in version 0.3.3.
04
Cybercriminals attempted to use deepfake technology to impersonate the CEO of LastPass and target an employee in a fraud scheme.
05
BlackBerry uncovered a new cyberespionage campaign targeting users in South Asia with the latest variant of Apple iOS spyware called LightSpy, named F_Warehouse.
06
Organizations with on-premise installations of Delinea Secret Server have been urged to update them immediately as a critical flaw could allow attackers to bypass authentication, gain admin access, and extract secrets.
07
ASEC identified a modified version of the mimeTools.dll plug-in, distributed as part of a Notepad++ package for DLL-hijacking to trigger malware upon program launch.
08
European police arrested nine individuals and seized millions of euros in a crackdown on the JuicyFields investment fraud scheme, which targeted over 550,000 Europeans.
09
Enterprise GenAI access control provider Knostic raised $3.3 million in pre-seed funding from Shield Capital, Pitango First, DNX Ventures, Seedcamp, and others.
10
Cybersecurity services provider Cyderes announced the acquisition of IAM provider Ipseity Security. The financial terms of the deal were not disclosed.
