
Daily Cybersecurity Roundup, June 18, 2024

Social engineering tactics now cleverly present users with what seems like a real problem and an instant solution, prompting swift action without consideration of the associated risks. In one such instance, threat actors are using social engineering tactics to deploy malicious PowerShell scripts and malware. In other news, a malicious campaign has been targeting cryptocurrency users with fake virtual meeting software. Meanwhile, the new Satanstealer malware has been found infiltrating systems via phishing or malicious downloads, compromising browser cookies and passwords. Read along for more.

01

Threat actors, TA571 and ClearFake, have been increasingly using sophisticated social engineering techniques such as fake Chrome errors to execute malicious PowerShell scripts and install malware.

02

A widespread campaign has been using fake virtual meeting software Vortax to target cryptocurrency users, delivering the rare macOS infostealer AMOS. The campaign has been linked to a previous attack on web3 gaming projects.

03

Satanstealer, a new malware, has been targeting browser cookies and passwords by infiltrating systems via phishing emails or malicious downloads, scanning for stored credentials upon embedding itself.

04

A threat actor was found compromising a Korean corporation’s ERP server by exploiting the MS-SQL service to install a web shell and SoftEther VPN server.

05

Threat actors are luring users with free or pirated software to deliver HijackLoader, by tricking them into downloading password-protected archives containing trojanized copies of the Cisco Webex Meetings App.

06

A new Diamorphine variant has been spotted facilitating rootkit operations and arbitrary command execution via magic packets. It impersonates Netfilter's X_Tables module for covert communication between user and kernel modes.

07

VMware has patched critical vulnerabilities, CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081 in Cloud Foundation, vCenter Server, and vSphere ESXi, respectively, which could be exploited for privilege escalation and RCE.

08

A report revealed record exploitation rates for load balancers, with NGINX at 100% and Citrix at 57%, while macOS shows a 30% increase in vulnerabilities, highlighting intensified attacks on both macOS and iOS devices.

09

The count of APIs has surged by 167% over the past year, with 95% experiencing security problems in production APIs and 23% having suffered breaches.

10

The managed cybersecurity platform provider for SMBs, Huntress, closed a $150 million Series D funding round led by Kleiner Perkins, Meritech Capital, and Sapphire Ventures.
