
Cyware Daily Threat Intelligence, April 03, 2024


American and Australian organizations have come under attack from a newly identified Agent Tesla operation. In the campaign, which commenced in November last year, threat actors Bignosa and Gods utilized phishing and other malware distribution techniques to infect potential victims. Announcing critical updates, Google addressed 25 bugs in Pixel devices, including two actively exploited flaws in Pixel's bootloader and firmware. The update addresses various issues, with the most severe impacting Android 13 and 14.

Children, games, and cybercriminals form a vicious loop. A new campaign is luring gamers into clicking on malicious links embedded in YouTube video descriptions. These are disguised to target children with pirated software and video game cracks, posing a significant online safety risk.

Top Malware Reported in the Last 24 Hours


Malware campaign hits the U.S. and Australia
A sophisticated malware campaign orchestrated by threat actors Bignosa and Gods has been found targeting organizations in the U.S. and Australia. The operation exploits vulnerabilities in self-check-in kiosks and employs sophisticated tactics, such as spam campaigns and malware protection with the Cassandra Protector, to drop Agent Tesla. Collaborative efforts involving mentorship and technical support were identified between the threat actor groups, as revealed through Jabber communications.

Malicious links disguised in YT video descriptions
Proofpoint warned users of a new campaign deceiving them into clicking on malicious links in YouTube video descriptions. Info-stealer malware, including Vidar, StealC, and Lumma Stealer, is being delivered disguised as pirated software and video game cracks alongside legitimate content. Popular games, especially those appealing to children, are used as lures, indicating a focus on less savvy users. YouTube has removed over two dozen accounts and videos flagged by Proofpoint.

Top Vulnerabilities Reported in the Last 24 Hours


Google patches dozens of Android bugs
Google released patches for 28 vulnerabilities in Android, with 25 affecting Pixel devices. This also included two exploited flaws in Pixel's bootloader and firmware. The company warns of targeted exploitation but doesn't provide specific details. The update addresses various vulnerabilities that lead to elevation of privilege and information disclosure, along with fixes for Qualcomm components. The most severe issue, CVE-2024-23704, affects Android 13 and 14.

Critical SQL injection flaw in WordPress plugin
A critical security vulnerability (CVE-2024-2879) was identified in WordPress's LayerSlider plugin (a visual web content editor), affecting versions 7.9.11 through 7.10.0. This SQL injection flaw, with a CVSS score of 9.8, allowed unauthenticated attackers to extract sensitive information, including password hashes, from databases. The issue has been addressed in version 7.10.1, released on March 27.

Tags

bignosa
layerslider plugin
youtube videos
stealc
google pixel
agent tesla stealer
vidar malware
gods
lumma stealer

Posted on: April 03, 2024

