
Daily Cybersecurity Roundup, August 08, 2024

Diplomats are a high-value target for cybercriminals. A newly identified APT group, Actor240524, is capitalizing on this by using spear-phishing emails to target diplomats from Azerbaijan and Israel and steal sensitive information. Meanwhile, a threat cluster, STAC6451, has been detected exploiting vulnerable Microsoft SQL Server databases, compromising various organizations in India. A report indicated that 21 new ransomware groups emerged in the first half of 2024. Here’s more from the past 24 hours.

01

Researchers identified a new APT group, Actor240524, deploying ABCloader and ABCsync trojans via spear-phishing emails, targeting Azerbaijani and Israeli diplomats to steal sensitive data.

02

A new threat activity cluster, STAC6451, has been found exploiting exposed Microsoft SQL Server database servers to deploy ransomware, compromising multiple Indian organizations.

03

A new phishing campaign has been discovered leveraging Google Drawings and WhatsApp links to trick users into clicking on malicious links and fake Amazon pages that harvest victims’ information.

04

A researcher explored downgrade attacks on Windows using a tool called Windows Downdate, which can make fully patched Windows systems vulnerable to past vulnerabilities, effectively turning fixed vulnerabilities into zero days.

05

The Russian threat actor Crazy Evil has been impersonating the screen recorder Loom via Google ads to distribute a new version of the AMOS macOS stealer that can replace specific crypto wallet apps with clones.

06

Threat actors have been found exploiting a fixed critical severity vulnerability (CVE-2024-4885) in Progress WhatsUp Gold 23.1.2 and older versions, allowing unauthenticated remote code execution.

07

CISA and the FBI updated an advisory, warning against the rising ransom demands of the BlackSuit ransomware. The update also provides network defenders with TTPs and IOCs associated with the ransomware activities.

08

Rapid7’s Ransomware Radar Report revealed that 21 new ransomware groups emerged in the first half of 2024, with a 23% increase in ransomware groups actively posting on leak sites. Also, smaller organizations are increasingly becoming frequent targets.

09

The NHS has partnered with the NEBRC to provide funding for cyber threat prevention for small and medium social care businesses. The initiative includes free cyber services and training, aiming to protect social care services from cyberattacks in the North East of England and Yorkshire.

10

Anjuna Security, a confidential computing platform provider, closed a $25 million Series B2 financing round led by M Ventures, SineWave Ventures, and AI Capital Partners, with participation from existing investors.
