Bad, old trojans are back in new financial phishbait campaigns to pilfer sensitive information from users. While one campaign targeting U.S. taxpayers is distributing Remcos and NetWire trojans, the other campaign that appears to be from the IRS is being used to propagate the Dridex trojan.
Rising malware threats against macOS look grim as researchers have detected another new malware dubbed XcodeSpy that targets Xcode projects. The ultimate goal of the malware is to spread custom EggShell backdoors.
The Satori botnet is on a new attack spree, with the addition of a new exploit that abuses an RCE vulnerability in Iteris’ Vantage Velocity field unit.
Top Breaches Reported in the Last 24 Hours
More details on the Parliament attack
A group of Chinese state-sponsored hackers known as APT31 has been held responsible for a cyberattack on the Finnish Parliament that disrupted its IT systems. The attack, which took place in 2020, also allowed the attackers to gain access to the email accounts of some members of the Parliament.
Earth Vetala campaign
Researchers have uncovered a campaign dubbed Earth Vetala that was aimed at UAE and Kuwait government agencies. Linked with the MuddyWater threat actor, the campaign used the ScreenConnect and RemoteUtilities remote-administration tools to gain control over systems.
103 GB data exposed
Around 103 GB worth of data belonging to New Jersey-based Descartes Aljex Software was left exposed due to a misconfigured AWS S3 bucket. The exposure affected more than 4,000 people, including customers, company employees, sales reps, and people working for third parties.
Top Malware Reported in the Last 24 Hours
XcodeSpy is a new malware that targets Xcode projects used in macOS for developing Apple software and applications. The ultimate goal of the malware is to spread custom EggShell backdoors. So far, two variants of EggShell have been detected, one of which shared an encrypted string with XcodeSpy.
Researchers have analyzed an active campaign that targets U.S. taxpayers with the intent to spread the NetWire and Remcos trojans. The campaign leverages the U.S. tax season to lure victims. Other key elements of the campaign include the abuse of legitimate cloud services, the use of steganography to conceal payloads, and the exploitation of legitimate OpenVPN clients.
A phishing campaign that impersonates the IRS has been spotted distributing the Dridex banking trojan. The email uses the agency’s official logo and a spoofed sender domain of IRS[.]gov, and claims to offer an application for financial assistance.
Fake Telegram app
Threat actors are using Google Ads to distribute a fake version of the Telegram desktop app. Three links spoofing Telegram’s website have been detected so far. One of these sites was used to spread the AZORult trojan.
Satori spreads its tentacles
An investigation reveals that the Satori botnet has added a new exploit that abuses a remote command execution vulnerability (CVE-2020-9020) in Iteris Vantage Velocity field unit versions 2.3.1, 2.4.2, and 3.0. The botnet scans port 23 on random hosts and, when the port is open, tries to log in using its embedded password dictionary.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable Tutor LMS plugin
The popular WordPress plugin Tutor LMS is riddled with several security vulnerabilities that can open the door to information theft and privilege escalation. Five of these flaws are SQL injection vulnerabilities, and at least one high-severity bug stems from unprotected AJAX endpoints.