Daily Cybersecurity Roundup, December 18, 2024

Malware is evolving into a stealthier adversary, cloaking its communication channels and delivery mechanisms under layers of deception. I2PRAT, a newly discovered RAT, uses the I2P network for encrypted and anonymous communication. RiseLoader has emerged as a versatile loader, using a custom TCP protocol to deliver a range of secondary payloads like Vidar and Lumma Stealer. In parallel, cybercriminals have turned to spoofing Google Calendar emails in a phishing campaign targeting 300 organizations. Read on for the top 10 highlights from cyberspace.

01

I2PRAT is a new malware that leverages I2P for encrypted, anonymous C2 communication via I2PD. Delivered through phishing emails, it tricks users into executing malicious PowerShell commands that install the RAT.

02

Zscaler identified RiseLoader, a new malware leveraging a custom TCP-based protocol. RiseLoader delivers second-stage payloads, such as Vidar, Lumma Stealer, XMRig, and Socks5Systemz.

03

A phishing campaign targeted European companies to harvest Microsoft Azure credentials, impacting roughly 20,000 users in the automotive, chemical, and industrial compound manufacturing sectors.

04

Criminals are spoofing Google Calendar emails in a phishing scheme affecting about 300 organizations, with over 4,000 emails sent in four weeks.

05

A new phishing campaign is tricking people by pretending to be a data breach warning from Ledger. These emails ask users to verify their recovery phrases, which can lead to stolen cryptocurrency.

06

Earth Koshchei's rogue RDP campaign used spear-phishing emails with a malicious RDP configuration file to target government, military, and academic organizations, potentially leading to malware installation.

07

A new phishing campaign, known as FLUX#CONSOLE, is using tax-themed lures to deliver a stealthy backdoor payload in attacks targeting Pakistan.

08

The Apache Software Foundation released updates for Apache Tomcat, fixing two vulnerabilities: CVE-2024-50379, enabling RCE via the default servlet, and CVE-2024-54677, a DoS flaw in the "examples" web application.

09

A security researcher has discovered a critical vulnerability (CVE-2024-53376) in CyberPanel that allows attackers to execute OS commands and compromise servers. The vulnerability affects CyberPanel versions prior to 2.3.8.

10

CISA issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their cloud environments by implementing mandatory secure configuration baselines, starting with Microsoft 365.