Daily Cybersecurity Roundup, December 17, 2024

Cybercriminals are upping their game, using sophisticated tools and cunning strategies to exploit weaknesses and trust alike. TA397 recently targeted a Turkish defense sector organization with a lure involving infrastructure projects in Madagascar. The campaign delivered WmRAT and MiyaRAT. When outdated devices meet weak defenses, they become silent pawns in a global game of cyber espionage. The FBI has issued an alert about new HiatusRAT attacks focusing on vulnerable web cameras and DVRs. Meanwhile, the investment scam landscape is seeing explosive growth. A new scheme called Nomani has grown massively, leveraging fraudulent ads on social media platforms. Here are the top 10 highlights from the past 24 hours.

01

TA397 targeted a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar, using tactics like alternate data streams in a RAR archive to deliver WmRAT and MiyaRAT.

02

The FBI warned about new HiatusRAT attacks targeting vulnerable web cameras and DVRs, particularly focusing on Chinese-branded devices with known vulnerabilities and weak passwords.

03

Cybercriminals are using bogus software update alerts to spread new malware known as CoinLurker. These software update prompts use Microsoft Edge WebView2 to execute the malware.

04

Guardio Labs discovered a new type of ClickFix-style attack linked to a campaign called DeceptionAds, which is responsible for over one million daily ad impressions.

05

A new type of investment scam called Nomani has been targeting victims through fraudulent ads on social media platforms. It grew by over 335% between H1 and H2 2024, with more than 100 new URLs detected daily on average between May and November 2024.

06

Microsoft disclosed a critical RCE vulnerability (CVE-2024-49112) in its LDAP service that allows unauthenticated attackers to execute arbitrary code within the service.

07

Unit 42 researchers discovered security vulnerabilities in the Azure Data Factory Apache Airflow integration, allowing attackers to gain unauthorized access and control over the infrastructure.

08

CISA updated the National Cyber Incident Response Plan (NCIRP), which outlines government coordination and response to large-scale cyberattacks, emphasizing collaboration with the private sector and non-federal stakeholders.

09

Arctic Wolf has signed a definitive agreement to acquire BlackBerry's Cylance endpoint security assets in a deal worth $160 million.

10

SaaS data protection and backup provider Keepit raised $50 million in a Series C funding round led by One Peak and the Export and Investment Fund of Denmark.