
Daily Cybersecurity Roundup, November 18, 2021

A slew of unpatched bugs in your software is the easiest recipe to put your organization at extreme risk of cyberattacks. Cybersecurity authorities across the U.S., the U.K., and Australia issued an advisory about an Iranian APT group exploiting known vulnerabilities for network intrusion. Meanwhile, the use of a detection evasion technique has come into the limelight as threat actors leverage a domain owned by the Myanmar government for nefarious purposes. Streaming service scams are back as threat actors try to lure unsuspecting users into giving up their payment details. Read on to know what else materialized in the last 24 hours.

01

Cyber authorities across the U.K., the U.S., and Australia have urged admins to patch four vulnerabilities in Fortinet and Microsoft Exchange abused by an Iranian government-backed APT group.

02

A malicious campaign is leveraging a legitimate domain owned by the Myanmar government for domain fronting, a technique used to evade detection by routing communications to a server controlled by the attacker.

03

A highly skilled group of threat actors, RedCurl, attacked a large Russian wholesale company for the second time this year. The group focuses on cyberespionage and is responsible for at least 30 attacks in Russia, the U.K., Germany, and Norway, among others.

04

Flashpoint researchers claimed that the Russian-speaking cybercrime world is slowly starting to include Chinese- and English-speaking cybercriminals, especially on the Ramp forum.

05

In a new phishing campaign, scammers are luring targets via fake subscriptions to streaming services in an attempt to swipe their payment information.

06

The U.S. Department of Justice will start liquidating the $57 million worth of cryptocurrency seized from BitConnect as a means of restitution to the victims of the fraud committed by the platform.

07

Singapore’s Personal Data Protection Commission (PDPC) imposed a fine of $54,456 on Commeasure, a travel company, for exposing the personal details of 5.9 million customers through its travel booking website named RedDoorz.

08

SOS Intelligence analysts revealed that most Signaling System 7 (SS7) exploit service providers on dark web forums are scammers. However, the legitimate ones stay hidden behind membership-only forums and marketplaces.

09

Ontic, a Texas-based protective intelligence software platform provider, raised $40 million in Series B funding, led by JMI Equity and other participants.

10

Laminar, a public cloud data protection provider, raised $32 million in Series A funding, led by Insight Partners, with participation from a few others.
