
Daily Cybersecurity Roundup, April 26, 2024

The cybersecurity battlefield is constantly evolving. Here's a look at some recent skirmishes. Researchers sinkholed a malicious server used by a PlugX malware variant to infect over two million devices worldwide. However, another campaign, dubbed FROZEN#SHADOW, is underway, using phishing emails to deploy malware. Perhaps most concerning is the revelation of a five-year-long infiltration of U.S. employee accounts by Iranian actors, highlighting the need for constant vigilance on all fronts. Read on to learn more.

01

Sekoia researchers sinkholed a malicious C2 server that a variant of PlugX malware used to infect over 2.5 million devices across 170 countries in the last six months.

02

Securonix reported an ongoing attack campaign, named FROZEN#SHADOW, that leverages phishing emails to deploy SSLoad malware via Cobalt Strike and ScreenConnect RMM.

03

The U.S. DoJ revealed that Iranian state-sponsored threat actors successfully infiltrated thousands of employee accounts from U.S. companies and government agencies in a campaign that lasted for five years, from 2016 to 2021.

04

Zimperium researchers warned that nearly 1,000 samples of the Godfather mobile banking trojan are circulating in 57 countries. These samples have been found targeting hundreds of banking apps.

05

Following the 2023 holiday season, Akamai has uncovered a significant increase in phishing and smishing activities against U.S. residents purporting to be from the United States Postal Service.

06

An old Microsoft vulnerability was used in a targeted attack against Ukraine to deploy Cobalt Strike in the initial stage, reported Deep Instinct. The exploit code for the vulnerability was distributed via a PPSX file that purported to be an old instruction manual for mine-clearing blades for tanks.

07

A critical SQL injection flaw in the WP-Automatic WordPress plugin is being exploited to take control of sites, reported WPScan. The issue exists in the plugin’s user authentication mechanism.

08

In a new report, NetScout Systems highlighted that over seven million DDoS attacks were launched in the second half of 2023, representing a 15% increase from H1 2023.

09

Researchers from the University of Toronto’s Citizen Lab discovered that flaws in many Chinese keyboard apps, including those from Tencent, OPPO, Samsung, and Vivo, can leave 750 million users’ keystrokes open to snooping.

10

Predictive security startup Bfore AI raised $15 million in a Series A funding round led by SYN Ventures, with renewed participation from early investors Addendum Capital, Karista, and Karma Ventures, and new investment from the Partnership Fund for New York City.
