Daily Cybersecurity Roundup, January 13, 2025

FunkSec’s low-ransom chaos redefines ransomware economics. With a strategy of low ransom demands and discounted stolen data, FunkSec blends hacktivism roots with AI-assisted ransomware operations. Codefinger flips the script on cloud security. This new ransomware crew exploits AWS S3 bucket encryption, hijacking customer-provided keys to render critical data inaccessible. In other news, cybercriminals are using transaction simulation spoofing to mislead victims into approving fraudulent transfers. Read on for the top 10 highlights from cyberspace.

01

Check Point has identified a new ransomware group called FunkSec that has targeted over 80 victims in a month, primarily in the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia.

02

A new ransomware crew called Codefinger targets AWS S3 buckets and uses AWS's server-side encryption with customer-provided keys (SSE-C) to lock up victims' data.
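Because SSE-C keeps the key on the client side, AWS cannot recover objects encrypted this way, so the practical defence is to notice SSE-C writes quickly and to forbid them on buckets that never legitimately use them. The block below is an added example written for this roundup, not code from Check Point, AWS or any vendor. It assumes CloudTrail S3 data-event records whose `requestParameters` carry the SSE-C request header under the name `x-amz-server-side-encryption-customer-algorithm`, and it uses the documented bucket-policy condition key `s3:x-amz-server-side-encryption-customer-algorithm`; the bucket name, account id and log records are constructed.

```python
"""Defender-side checks for SSE-C abuse on S3 (added example, not vendor code).

flag_ssec_writes()  -> list of SSE-C object writes found in CloudTrail records
ssec_writers()      -> per-principal count of those writes (a burst of rewrites
                       from one identity is the ransomware signal)
deny_ssec_policy()  -> bucket policy that refuses any write carrying SSE-C
"""
import json
from collections import Counter

# CloudTrail request-header field assumed to hold the SSE-C algorithm (assumption).
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
# S3 API calls that create or overwrite object content.
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}

# Constructed sample CloudTrail S3 data events: one SSE-KMS write (benign),
# one SSE-C overwrite of the same key (suspicious), one read (ignored).
SAMPLE_RECORDS = [
    {"eventTime": "2025-01-10T03:14:07Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/backup-svc"},
     "requestParameters": {"bucketName": "acme-prod-data", "key": "reports/q4.csv",
                           "x-amz-server-side-encryption": "aws:kms"}},
    {"eventTime": "2025-01-10T03:15:22Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/backup-svc"},
     "requestParameters": {"bucketName": "acme-prod-data", "key": "reports/q4.csv",
                           SSEC_HEADER: "AES256"}},
    {"eventTime": "2025-01-10T03:16:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/analyst"},
     "requestParameters": {"bucketName": "acme-prod-data", "key": "reports/q4.csv"}},
]


def flag_ssec_writes(records):
    """Return (eventTime, principal, bucket, key) for every S3 write that used SSE-C."""
    hits = []
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventName") not in WRITE_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        if not params.get(SSEC_HEADER):
            continue  # SSE-S3 / SSE-KMS / unencrypted writes are not the concern here
        ident = rec.get("userIdentity") or {}
        principal = ident.get("arn") or ident.get("principalId") or "unknown"
        hits.append((rec.get("eventTime"), principal,
                     params.get("bucketName"), params.get("key")))
    return hits


def ssec_writers(records):
    """Count SSE-C writes per principal; many writes from one identity merit an alert."""
    return Counter(principal for _, principal, _, _ in flag_ssec_writes(records))


def deny_ssec_policy(bucket_name):
    """Bucket policy denying object writes whose request carries the SSE-C header.

    The Null condition with value "false" matches when the header is present,
    so writers using SSE-S3 or SSE-KMS are unaffected.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenySSECWrites",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket_name}/*",
            "Condition": {"Null": {f"s3:{SSEC_HEADER}": "false"}},
        }],
    }


if __name__ == "__main__":
    for hit in flag_ssec_writes(SAMPLE_RECORDS):
        print("SSE-C write:", hit)
    print("writers:", dict(ssec_writers(SAMPLE_RECORDS)))
    print(json.dumps(deny_ssec_policy("acme-prod-data"), indent=2))
```

The policy is a blunt instrument: apply it only to buckets whose writers you know never use SSE-C, and pair it with the CloudTrail check so a write that slips through a bucket without the policy still raises an alert. Object versioning with a retention lock on the same buckets is what turns an SSE-C overwrite from data loss into a recoverable event.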

03

The RedCurl APT group has been identified carrying out malicious activities in Canada, utilizing scheduled tasks to execute pcalua.exe for running malicious binaries and Python scripts.

04

Cybercriminals are using a tactic to bypass Apple iMessage's phishing protection by tricking users into re-enabling disabled links. This tactic involves sending smishing texts and asking recipients to reply with "Y" to enable the links.

05

Threat actors are using a new tactic called transaction simulation spoofing to deceive users into approving fraudulent transactions. It involves luring victims to a fake website that initiates a deceptive "Claim" function, showing a small amount of Ethereum in a transaction simulation.

06

Infoblox uncovered a sophisticated domain spoofing technique used by Muddling Meerkat in various spam campaigns, including phishing, brand impersonation, extortion, and mysterious financial scams.

07

Research by ASEC revealed that FakePage (74%) was the most prevalent threat type among phishing email attachments in Q4 2024, followed by trojans (12%) and downloaders (10%).

08

A security researcher revealed a PoC exploit for CVE-2024-54498, a vulnerability allowing applications to escape the macOS Sandbox. Apple has fixed this vulnerability in macOS Sequoia 15.2, macOS Ventura 13.7.2, and macOS Sonoma 14.7.2.

09

Cybersecurity researchers have identified a new phishing tactic using YouTube URLs and Microsoft 365 password expiration lures. These emails, often urgent, trick users into revealing sensitive information.

10

WatchGuard Technologies announced the acquisition of ActZero to expand its MDR services. Terms of the deal were not disclosed.