
Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 28, 2023

In a recent development highlighting the persistent threat of SQL injection vulnerabilities, critical flaws have been discovered in Gentoo Soko. The flaws could lead to unauthorized access, data breaches, and RCE. Meet the 8Base ransomware group, which has launched a barrage of cyberattacks on victims across sectors. While earlier findings revealed little about the group, a new report by VMware's Carbon Black team has made some major revelations.

LetMeSpy has been hacked! The Polish company behind the Android stalkerware suggests that personal information and other critical data were likely collected by cybercriminals. Researchers claim that a large number of LetMeSpy users are U.S. college students.

Top Breaches Reported in the Last 24 Hours

LetMeSpy database deleted

Radeal, the developer of the Android stalkerware LetMeSpy, disclosed a cyberattack in which sensitive user information was allegedly stolen and then wiped from the database. The app operates covertly, uploading the phone's text messages, call logs, and precise location data to its servers without the user's knowledge or consent. The identity and motive of the perpetrators behind the LetMeSpy hack aren't clear.

Cl0p claims 130 victims

The Cl0p ransomware group, responsible for numerous breaches carried out through the MOVEit file transfer tool, may have impacted at least 131 organizations, noted cybersecurity research firm KonBriefing. The majority of these attacks occurred on May 27 and May 28, deliberately coinciding with the extended Memorial Day holiday weekend in the United States.

Top Malware Reported in the Last 24 Hours

Sudden ransomware activity spike

According to VMware Carbon Black researchers, the 8Base ransomware group has been conducting double extortion attacks for over a year and is behind a noticeable rise in ransomware activity in May and June 2023. 8Base has been connected to 67 attacks by Malwarebytes and NCC Group. Approximately 50% of the targeted victims belong to the business services, manufacturing, and construction sectors.

Malicious NPM and PyPI packages

Security researchers have laid bare an ongoing attack campaign that targets the npm ecosystem via a pair of malicious packages. The attack only succeeds if the packages are installed in a particular order. Meanwhile, another group reported six malicious PyPI packages, uploaded by a single account, that targeted only Windows. One more PyPI package, named "libiobe", was identified that targeted both Windows and Linux platforms.

A malware under work

ThirdEye, a previously unseen infostealer, has been spotted in the wild by FortiGuard Labs. Researchers haven't found any evidence of the malware being used in real-world attacks, but warned that it can harvest diverse system information from compromised machines, including BIOS and hardware data. As of now, the information stealer is not categorized as highly advanced; it exclusively targets Windows users.

Triada trojan in fake app

The mobile research team at Check Point uncovered a trojanized version of the widely used Telegram messenger. This malicious version of the app contains embedded code associated with the Triada trojan. The malware disguises itself as Telegram app version 9.2.1. It collects device information, establishes a communication channel, retrieves a configuration file, and then waits for a payload from a remote server.

Top Vulnerabilities Reported in the Last 24 Hours

SQL injection bugs expose data

Gentoo Soko was found to be affected by multiple SQL injection vulnerabilities despite its use of an Object-Relational Mapping (ORM) library and prepared statements. These could result in remote code execution on susceptible systems and also expose customer data. The two issues, collectively tracked as CVE-2023-28424, were discovered in the search feature of Soko.
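The point worth taking from this item is that an ORM and a prepared-statement API only protect the values they bind; if application code concatenates user input into the query text before handing it to that API, the injection is already in the SQL. The following is an added illustration of that pattern and its fix, written for this page; it is not Soko's code and makes no claim about how Soko's search was actually implemented. It uses Python's standard sqlite3 module with a constructed in-memory table so it runs offline.

```python
import sqlite3

# Constructed sample data: two searchable packages and one row that the
# search is never supposed to return.
SAMPLE_ROWS = [
    ("dev-lang/python", "Python interpreter", 0),
    ("app-editors/vim", "Vi IMproved", 0),
    ("internal/secret-pkg", "not for search", 1),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE packages (name TEXT, description TEXT, hidden INTEGER)")
    con.executemany("INSERT INTO packages VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def search_unsafe(con, term):
    """Vulnerable pattern: the search term is interpolated into the SQL text.

    con.execute() is a prepared-statement API, but there is nothing left for
    it to protect: the user's input is already part of the statement, so a
    quote in the input changes the query's structure.
    """
    sql = f"SELECT name FROM packages WHERE hidden = 0 AND name LIKE '%{term}%'"
    return [row[0] for row in con.execute(sql)]


def search_safe(con, term):
    """Hardened pattern: the SQL text is a constant and the term is bound.

    The wildcards are added to the bound value, not to the statement, so the
    query structure is fixed regardless of what the input contains.
    """
    sql = "SELECT name FROM packages WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in con.execute(sql, (f"%{term}%",))]


def compare(term):
    """Run both versions on the same input and return their results."""
    return {
        "unsafe": sorted(search_unsafe(make_db(), term)),
        "safe": sorted(search_safe(make_db(), term)),
    }


if __name__ == "__main__":
    # Ordinary input: both versions agree.
    print(compare("vim"))
    # Input containing a quote: the interpolated version's WHERE clause is
    # rewritten and the hidden row leaks; the bound version returns nothing.
    print(compare("' OR hidden = 1 --"))
```

Binding the parameter fixes the structural problem but does not make the input inert for LIKE: `%` and `_` in a bound value are still wildcards, so a search API that should treat them literally needs to escape them and supply an ESCAPE clause as a separate step.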