Daily Cybersecurity Roundup, December 04, 2024

Misconfigured Docker servers have become a goldmine for threat actors spreading Gafgyt malware. Leveraging legitimate "alpine" images, attackers exploit Docker Remote API servers to infect systems and launch disruptive DDoS campaigns. RevC2 and Venom Loader, two newly discovered malware families, have emerged as critical threats in campaigns orchestrated by the MaaS provider Venom Spider. In another vein, Cloudflare's domains pages[.]dev and workers[.]dev are seeing a surge in malicious use, with abuse rates skyrocketing. Cybercriminals are capitalizing on these trusted platforms to deliver phishing schemes and other malicious activities. Read on for more.

01

Threat actors are exploiting misconfigured Docker servers to spread Gafgyt malware, targeting Docker Remote API servers. By using a legitimate “alpine” image, they infect victims and leverage the malware for DDoS attacks.

02

ThreatLabz discovered two new malware families, RevC2 and Venom Loader, active from August to October 2024. These are part of campaigns using the MaaS platform from a threat actor named Venom Spider.

03

Developers of decentralized applications downloaded compromised versions of the Solana Web3.js library after an attacker hacked a GitHub account with publishing rights.

04

Kimsuky conducted phishing attacks to steal credentials, initially posing as Japanese and Korean senders before switching to Russian disguises. Using VK Mail[.]ru and compromised servers, it targeted users with fake alerts about MYBOX accounts.

05

CISA, the NSA, and the FBI, along with other international security agencies, issued a warning about a significant cyber-espionage campaign carried out by PRC-affiliated threat actors targeting global telecommunications providers.

06

Cybercriminals are increasingly exploiting Cloudflare's pages[.]dev and workers[.]dev domains for phishing and malicious activities, with a 100% to 250% rise in abuse compared to 2023.

07

The mySCADA myPRO software has been found to have critical security vulnerabilities that could allow remote attackers to gain unauthorized access and control over industrial infrastructure.

08

ENISA's inaugural report on the state of cybersecurity in the EU offered six policy recommendations targeting crisis management, supply chains, cyber skills, and awareness, emphasizing harmonization and capability-building.

09

German police shut down the country’s largest illegal dark web marketplace, Crimenetwork, and arrested a suspected administrator, seizing high-value assets and crypto funds.

10

Law enforcement agencies have taken down a criminal encrypted messaging service called Matrix. The service had over 8,000 users worldwide.