
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 3, 2023

A cybersecurity team investigating the dark web discovered a new macOS hVNC (Hidden Virtual Network Computing) tool targeting SMEs. The tool allows stealthy remote control of compromised devices and steals sensitive information without the user's knowledge. Crypto scams continue to grow more sophisticated with advanced tools: security experts reported that CryptoRom fraudsters are using AI chat tools and manipulating dating app users to siphon off more money. They also sneaked seven fake cryptocurrency investment apps into official app stores, increasing the risk for victims.

Separately, an ongoing cyberattack spree exploiting the critical CVE-2023-3519 vulnerability has compromised hundreds of Citrix Netscaler ADC and Gateway servers. The CISA has also warned of attacks against Citrix devices, and Citrix itself confirmed active exploitation of the vulnerability.

Top Breaches Reported in the Last 24 Hours

Data breach impacts millions

The MOVEit saga isn't over yet: Allegheny County, Pennsylvania, issued a warning about a global cybersecurity breach affecting individuals' personal information, such as driver's license and Social Security numbers. The county was targeted by cybercriminals who gained access to files on May 28-29. The hackers reportedly claimed they were interested only in business data and stated that they had deleted the remaining files taken from the county.

Top Malware Reported in the Last 24 Hours

New macOS threat

Israeli cybersecurity company Guardz warned of new hVNC malware targeting macOS devices. The malware, advertised on a Russian hacker forum, has been available since April 2023. It provides threat actors with stealthy remote control over infected machines, along with reverse shell, file management, and browser detection capabilities. The main purpose of the malware appears to be data theft, including sensitive information such as credentials and personal and financial data.

Top Vulnerabilities Reported in the Last 24 Hours

Hundreds of Citrix servers breached, abused

A critical RCE vulnerability, CVE-2023-3519, affecting Citrix Netscaler ADC and Gateway servers has been exploited in a series of attacks, resulting in the compromise of at least 640 servers with web shells. The Shadowserver Foundation disclosed the extent of the attacks, indicating that the actual number of compromised servers is likely higher. Citrix released security updates on July 18, but little progress has been observed in patching vulnerable servers.

Chrome releases updates

The latest Chrome update addresses three high-severity type confusion bugs in the V8 JavaScript and WebAssembly engine. The update also fixes six other high-severity vulnerabilities. As of now, there is no evidence of these vulnerabilities being exploited in attacks. The latest Chrome release is version 115.0.5790.170 for Mac and Linux and version 115.0.5790.170/.171 for Windows.

Top Scams Reported in the Last 24 Hours

Scammers target dating app users

Sophos researchers have identified a rise in CryptoRom scams, a type of pig butchering scheme targeting users of dating apps with fake cryptocurrency investments. The scammers adopted an AI chat tool, possibly ChatGPT, to engage victims in more convincing conversations and extort money by claiming the victims' crypto accounts were hacked. Furthermore, seven new fake cryptocurrency investment apps have been found in the official Apple App Store and Google Play Store, expanding the potential victim pool.

Don’t take those Flipper Devices

Scammers are impersonating Flipper Devices and offering free Flipper Zero gadgets in exchange for completing an offer. However, the website directs users to insecure browser extensions and fraudulent sites. Flipper Devices itself warns users to be cautious, as it has no affiliation with the fake site. The scam website is still active, so users have been advised to shop only via the legitimate store and avoid falling victim to such campaigns.
