
Daily Cybersecurity Roundup, December 16, 2024

The sophistication of cyber threats is reaching new heights, with attackers exploiting both custom backdoors and legitimate tools to infiltrate networks. The Chinese hacking group Winnti has been leveraging a PHP backdoor named Glutton to target other threat actors, as well as organizations in the U.S. and China. In Thailand, government officials are under siege from a campaign deploying a backdoor named Yokai: the lure is a Windows shortcut file disguised as an official U.S. government document, and the backdoor itself is loaded through DLL side-loading. Meanwhile, a new report sheds light on the increasing abuse of legitimate Microsoft tools in cyber incidents. Read on for more.

01

The Chinese hacking group Winnti has been found using a new PHP backdoor called Glutton to target organizations in China and the U.S., along with other threat actors.

02

Thai government officials are being targeted by a new campaign that uses DLL side-loading to deliver a backdoor called Yokai. The attack starts with Windows shortcut (LNK) files disguised as U.S. government documents.

03

A SocGholish malware campaign targeted Kaiser Permanente employees via fake Google Search ads. The ads, disguised as links to the company’s HR portal, redirected victims to a compromised site that stole login credentials and served a fake browser update prompt.

04

Zscaler ThreatLabz found a NodeLoader malware campaign using Windows applications built with Node.js to spread cryptocurrency miners and information stealers, including XMRig, Lumma, and Phemedrone Stealer.

05

A critical vulnerability (CVE-2024-38819) in the Spring Framework has been publicly disclosed. It allows attackers to conduct path traversal attacks and potentially read sensitive files on affected servers; affected deployments should update to a fixed Spring Framework release.
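Path traversal in a static-file handler is a general bug class: the server joins a request path onto a base directory without checking that the final, normalized path is still inside that directory. The following is an added illustration of that class in Python; it is not Spring Framework code and does not reproduce the specific CVE-2024-38819 defect. The directory layout, the request paths, and the function names are constructed for the demo.

```python
"""Added example: a naive static-file resolver beside a hardened one.

Generic illustration of the path-traversal bug class, not Spring code.
The temp directory layout and request paths below are constructed.
"""
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def resolve_unsafe(base: Path, request_path: str) -> Path:
    """Naive join: URL-decodes the request and appends it to the base.

    '../' (or its encoded form) walks out of the static root because the
    result is never normalized or compared against the root.
    """
    return base / unquote(request_path).lstrip("/")


def resolve_safe(base: Path, request_path: str) -> Optional[Path]:
    """Hardened join: decode once, resolve '..' and symlinks, then require
    the resolved path to stay inside the resolved root.

    Returns None when the request escapes the static root.
    """
    root = base.resolve()
    candidate = (root / unquote(request_path).lstrip("/")).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError if outside root
    except ValueError:
        return None
    return candidate


def build_demo_tree() -> Path:
    """Constructed layout: <tmp>/static/index.html (public) and
    <tmp>/secret.txt (outside the static root). Returns the static root."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "static").mkdir()
    (tmp / "static" / "index.html").write_text("<h1>hello</h1>")
    (tmp / "secret.txt").write_text("db_password=example")
    return tmp / "static"


def probe(base: Path, request_path: str) -> dict:
    """Run one request through both resolvers and report what each does."""
    unsafe = resolve_unsafe(base, request_path)
    safe = resolve_safe(base, request_path)
    return {
        "request": request_path,
        "unsafe_reads_file": unsafe.is_file(),
        "safe_allowed": safe is not None,
    }


if __name__ == "__main__":
    static_root = build_demo_tree()
    for req in ("index.html", "../secret.txt", "%2e%2e%2fsecret.txt"):
        print(probe(static_root, req))
```

The `%2e%2e%2f` request is the same traversal as `../` after a single URL decode; the check must run on the path in exactly the form the server will open, after every decoding step it performs, or an encoded form slips past a string match on `..`. Comparing resolved paths, as `resolve_safe` does, is also what catches symlinks placed under the static root that point elsewhere.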

06

Threat actors’ use of legitimate Microsoft tools increased by 51% in H1 2024 compared to 2023, a new report reveals. Researchers identified 187 unique Microsoft LOLBins across 190 incidents, 64 of which appeared only once in the dataset.

07

Claroty’s Team82 conducted research on Ruijie Networks’ devices and uncovered 10 vulnerabilities in its Reyee cloud management platform, affecting both the platform and Reyee OS network devices.

08

Over 200,000 YouTube creators have been targeted by cybercriminals posing as well-known brands in a new phishing campaign. CloudSEK reported that the campaign’s infrastructure includes over 340 SMTP servers and 46 RDP systems.

09

The FTC issued a warning about a steep increase in task scams, online job scams that resemble gambling. It received 20,000 reports of these scams in H1 2024.

10

Germany’s Federal Office for Information Security (BSI) disrupted a botnet called BadBox that had infected around 30,000 backdoored digital picture frames and media players running a knockoff Android OS, shipped from China.
