
Daily Cybersecurity Roundup, April 23, 2024

Cracking the shell: APT28 harnessed the GooseEgg tool to exploit a Windows vulnerability and pilfer credentials. The activity has been ongoing since 2019. A new info-stealer made its debut in the threat landscape. Named Sharp Stealer, the malware has been targeting gamers. As per a new report, attackers are moving away from phishing scams toward vulnerability exploitation for initial access. Here are the top 10 highlights from the past 24 hours.

01

The Russian state-sponsored group APT28 has been using a previously undocumented post-compromise tool called GooseEgg to exploit a Windows Print Spooler bug, escalate privileges, and steal credentials since at least April 2019.

02

Researchers spotted a new info-stealer, named Sharp Stealer, deployed against gamers. It can pilfer details from Google Chrome, Yandex, Brave, Edge, Comodo, and UR browsers.

03

The Nespresso website has an open redirect vulnerability that is being exploited in a phishing campaign: links point at the legitimate Nespresso domain, which forwards victims to a credential-harvesting page, so URL-reputation checks in security tools are bypassed and victims' Microsoft credentials are stolen.
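The redirect pattern behind item 03 is easy to get wrong. The following is an added example (not code from the roundup or from Nespresso) that puts the usual weak check beside a hardened one; the host name www.example.com, the parameter name and the function names are assumptions for illustration. The weak version does a prefix match, so an attacker-controlled host that merely starts with the trusted name, or a scheme-relative `//evil.test`, both slip through; the hardened version parses the URL and allows only relative paths or https URLs whose host is on an allowlist.

```python
"""Open-redirect validation: weak prefix check beside a hardened allowlist check.

Added example for illustration only. 'www.example.com', the parameter name
'next' and the function names are assumptions, not from the original article.
"""
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.example.com"}


def weak_is_safe(target: str) -> bool:
    """The vulnerable pattern: a string-prefix test on the trusted origin.

    Bypassed by 'https://www.example.com.evil.test/...' (prefix still matches)
    and by '//evil.test/...' (starts with '/', yet browsers treat it as absolute).
    """
    return target.startswith("https://www.example.com") or target.startswith("/")


def hardened_is_safe(target: str) -> bool:
    """Allow only same-site targets.

    Accepts a plain relative path such as '/account', or an absolute https URL
    whose parsed host is on ALLOWED_HOSTS. Rejects scheme-relative '//host',
    backslash variants ('/\\host', which browsers normalise to '//host'),
    'https:host' without '//', userinfo tricks ('https://trusted@evil'), and
    any host that merely starts with the trusted name.
    """
    if not target or "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: must be a single-slash path, not '//...' or '///...'
        return target.startswith("/") and not target.startswith("//")
    # Absolute target: compare the parsed host, never a string prefix
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def resolve_redirect(requested: Optional[str], default: str = "/") -> str:
    """Pick the post-login destination: the requested 'next' if safe, else default."""
    if requested and hardened_is_safe(requested):
        return requested
    return default


if __name__ == "__main__":
    # Constructed lure URLs, the kind a phishing campaign would put behind a trusted domain
    for lure in ("https://www.example.com.evil.test/login", "//evil.test/login",
                 "/\\evil.test", "https://www.example.com@evil.test/"):
        print(f"{lure!r:45} weak={weak_is_safe(lure)!s:5} hardened={hardened_is_safe(lure)}")
```

Parsing with `urlsplit` and comparing `hostname` is the key step: it is the same decomposition the browser will perform, whereas a prefix test compares bytes that the browser never interprets as the destination host.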

04

ASEC discovered the distribution of phishing files that mimic Korean portal websites, logistics and shipping brands, and webmail login pages. The threat actor also utilized NoCodeForm to exfiltrate account credentials.

05

Threat actors are abusing the file-attachment feature of GitHub and GitLab comments: a file dropped into a comment is uploaded to the platform's CDN under a URL that carries the target repository's name, even if the comment is never posted, giving attackers convincing malware lures that appear to come from official repositories.
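For triage of item 05, the useful distinction is between a URL that points at content the repository owners actually published (release assets, files in the tree) and one that points at a comment attachment anybody could upload. The following is an added example, not code from the roundup or from GitHub or GitLab. The URL shapes it matches are assumptions based on how comment attachments are commonly served (GitHub: `/<owner>/<repo>/files/<id>/<name>` or `/user-attachments/files/<id>/<name>`; GitLab: `/<group>/<project>/uploads/<32-hex>/<name>`) and should be checked against current platform behaviour before use in production detection; the sample URLs are constructed.

```python
"""Flag code-hosting URLs that point at comment attachments rather than repo content.

Added example for illustration. The path patterns are assumptions about how
GitHub and GitLab serve comment uploads, not from the original article.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed attachment URL shapes (verify against current platform behaviour)
_GITHUB_REPO_ATTACHMENT = re.compile(r"^/([^/]+/[^/]+)/files/\d+/[^/]+$")
_GITHUB_USER_ATTACHMENT = re.compile(r"^/user-attachments/files/\d+/[^/]+$")
_GITLAB_UPLOAD = re.compile(r"^/(.+?)/uploads/[0-9a-f]{32}/[^/]+$")


def comment_attachment_repo(url: str) -> Optional[str]:
    """Return the repository a comment-attachment URL impersonates, or None.

    None means the URL is not a comment attachment (it may still be malicious,
    but it is content the repository owners control, e.g. a release asset).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    if host == "github.com":
        m = _GITHUB_REPO_ATTACHMENT.match(path)
        if m:
            return m.group(1)
        if _GITHUB_USER_ATTACHMENT.match(path):
            return "github.com (unattributed user attachment)"
    elif host == "gitlab.com":
        m = _GITLAB_UPLOAD.match(path)
        if m:
            return m.group(1)
    return None


def triage_urls(urls: List[str]) -> List[Tuple[str, str]]:
    """Return (url, impersonated_repo) for every URL that is a comment attachment."""
    flagged = []
    for url in urls:
        repo = comment_attachment_repo(url)
        if repo is not None:
            flagged.append((url, repo))
    return flagged


# Constructed sample URLs, as they might appear in a phishing message or proxy log
SAMPLE_URLS = [
    "https://github.com/example-org/example-tool/files/1234567/Installer.zip",
    "https://github.com/example-org/example-tool/releases/download/v1.0/tool.zip",
    "https://github.com/user-attachments/files/987654/update.7z",
    "https://gitlab.com/example-group/example-project/uploads/" + "a" * 32 + "/patch.exe",
    "https://raw.githubusercontent.com/example-org/example-tool/main/README.md",
    "https://github.com/example-org/example-tool/blob/main/setup.py",
]

if __name__ == "__main__":
    for url, repo in triage_urls(SAMPLE_URLS):
        print(f"comment attachment impersonating {repo}: {url}")
```

Because the attachment path embeds the repository name, reputation systems that key on the domain, or even on the `owner/repo` prefix, will score these links as trusted; matching on the attachment path segment is what separates them from genuine release downloads.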

06

The Mandiant M-Trends 2024 Report revealed that in 2023, 38% of intrusions were due to vulnerability exploitation. Researchers also observed 97 unique zero-day vulnerabilities exploited in the wild.

07

Researchers at SafeBreach discussed flaws in Microsoft Defender and Kaspersky's security products that could be abused to trigger remote deletion of files; according to the researchers, the issues remained exploitable after the vendors' patches.

08

The Biden administration introduced new rules under the HHS to protect the privacy of abortion providers and patients, in response to threats from conservative prosecutors.

09

CISA aims to provide federal agencies with a list of critical software products, known as EO-critical software, by September 30 to strengthen the government's cyber posture.

10

Spy[.]pet has been found selling four billion scraped private messages from Discord users, collected by automated tools that abuse the way Discord exposes server content to bots and third-party apps.
