Daily Cybersecurity Roundup, April 24, 2024

An oversight can open the door to threats. Over the past five years, eScan's decision to deliver antivirus updates via HTTP has left the door wide open for man-in-the-middle attacks. Researchers observed a surge in Chinese and Russian cyberespionage groups targeting edge devices. In other news, a new malware has entered the threat landscape. Named Samurai Stealer, the malware boasts multiple advanced functionalities. Read on for more. 

01

For five years, eScan antivirus updates were delivered over HTTP, allowing attackers to perform a man-in-the-middle attack and replace the genuine updates with the GuptiMiner malware.

02

Mandiant reported a significant increase in espionage attacks targeting edge devices such as VPN appliances, firewalls, routers, and IoT tools by Chinese and Russian threat actors.

03

The National Police Agency in South Korea issued a warning about North Korea-linked threat actors, including Lazarus, Andariel, and Kimsuky, targeting defense industry entities to steal information.

04

Cisco Talos found that the CoralRaider group has been using a CDN cache to store and distribute the Cryptbot, LummaC2, and Rhadamanthys info-stealers in a campaign targeting systems across multiple countries, including the U.S., the U.K., Germany, and Japan.

05

ASEC discovered two info-stealer strains made with Electron, a framework for developing apps using JavaScript, HTML, and CSS. The malware is disguised as legitimate applications.

06

The North Korean Lazarus Group has been targeting crypto firms through malware attacks on LinkedIn, impersonating blockchain developers to steal confidential information and assets.

07

A new and highly advanced malware, Samurai Stealer, has been identified in targeted attacks. It can infiltrate systems, steal sensitive information, and bypass traditional antivirus protections.

08

Siemens has urged organizations to implement workarounds for a maximum-severity zero-day bug (CVE-2024-3400) affecting its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW.

09

Sweden's NCSC is facing reforms and will be brought under the control of the country’s cyber and signals intelligence agency, FRA, due to its failure to achieve expected results.

10

Veeam Software announced the acquisition of cyber-extortion incident response specialist Coveware. Terms of the deal were not disclosed.