Daily Cybersecurity Roundup, January 10, 2025

CrowdStrike’s name has been weaponized in a phishing campaign, with cybercriminals posing as recruiters to dupe job seekers into installing the XMRig miner. Socket exposed a shadowy scheme in which npm packages masquerade as legitimate tools but steal Solana private keys and send them out through Gmail. Two coordinated threat actors have turned these packages into a gateway for wallet-draining operations, amplified by GitHub repositories. Researchers revealed that MirrorFace, a China-linked group, has cast a long shadow over Japan’s cyber landscape since 2019. Read on for more.

01

CrowdStrike has detected a phishing campaign impersonating the company with fake job offer emails. If the target's machine passes the malware's sandbox checks, the fake application tricks the victim into installing the XMRig miner.

02

Socket discovered malicious npm packages designed to steal Solana private keys and transfer them via Gmail. Two threat actors are involved in this scheme, using overlapping tactics.

03

The China-nexus group RedDelta targeted Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with spear-phishing emails to drop a customized version of the PlugX malware.

04

Threat actors have developed a fake PoC exploit for a critical bug in Windows LDAP to trick security researchers into downloading an info-stealer. The attackers created a malicious repository hosting the fake PoC.

05

A new variant of Banshee Stealer for macOS has been evading detection by adopting string encryption from Apple's XProtect, allowing it to blend in with normal operations and collect sensitive information.

06

Threat actors are attempting to abuse a security flaw in GFI KerioControl firewalls that allows remote code execution (RCE) if exploited successfully. The vulnerability, CVE-2024-52875, is a CRLF injection flaw.

07

Japan's National Police Agency (NPA) and NCSC allege that a China-linked group called MirrorFace has been attacking organizations, businesses, and individuals in Japan since 2019 using ANEL, LODEINFO, and NOOPDOOR.

08

The Fancy Product Designer plugin for WordPress is vulnerable to two critical security flaws—CVE-2024-51919 and CVE-2024-51818—that allow for arbitrary file uploads and SQL injection attacks.

09

The U.K. government has allocated £1.9 million ($2.3 million) for 30 Cyber Local projects to address cyber threats and skills shortages across different regions in England and Northern Ireland.

10

Darktrace announced the acquisition of cloud forensics and incident response platform startup Cado Security for an undisclosed sum.