Hidden in plain sight, TA558 unveiled SteganoAmor, a cleverly cloaked campaign using steganographic techniques to exploit a Microsoft Office vulnerability, orchestrating over 320 attacks that ripple across multiple sectors worldwide. In a digital strike, a Ukrainian hacker group delivered an ICS malware to Russian infrastructure, allegedly taking control of tens of thousands of sensors. In other news, the C++-based malware XDealer is back with a new version that now targets Linux. Read on for more.
01
The TA558 hacking group launched a new campaign called SteganoAmor, with over 320 attacks impacting multiple sectors across different countries. The attackers exploit the CVE-2017-11882 flaw in Microsoft Office.
02
The Ukrainian hacking group Blackjack used a destructive ICS malware called Fuxnet to target Russian infrastructure. The attackers claimed to have disabled nearly 87,000 sensors and controls.
03
In an attempt to combat spam, Microsoft announced new restrictions on bulk email sending through Exchange Online, limiting the number of external recipients to 2,000 per day starting January 2025.
04
Iran-backed threat group Handala allegedly sent 500,000 threatening text messages to Israeli citizens, claiming to have hacked the nation's radar systems.
05
Smart locks powered by Chirp Systems were found vulnerable to remote unlocking by strangers due to hard-coded passwords and private keys in its Android app. The app was updated following an alert by the CISA.
06
DinodasRAT, aka XDealer, now has a Linux variant that primarily targets Red Hat-based distributions and Ubuntu Linux. The malware is associated with the Chinese APT group Earth Krahang.
07
New data from Check Point revealed that Microsoft was the most impersonated brand, at 38%, in Q1 2024. This was followed by Google and LinkedIn at 11%.
08
The 2024 Imperva Bad Bot Report noted that bad bots now represent nearly half (49.6%) of all internet traffic, with a significant portion originating from residential ISPs (26%).
09
In Q1 2024, Resecurity observed a 325% increase in cyberattacks targeting the Philippines compared to the same period last year. This growth trajectory continues in Q2 2024.
10
Two House Republicans introduced the Water Risk and Resilience Organization Establishment Act, aiming to create a body to work with the EPA to develop cybersecurity requirements for water treatment and wastewater systems.
