
Daily Cybersecurity Roundup, January 16, 2025

In cyberspace, images can tell lies and trust can be a trap. HP Wolf Security exposed campaigns embedding malware in images hosted on archive[.]org, spreading VIP Keylogger and 0bj3ctivity Stealer through clever social engineering tactics. Meanwhile, Infoblox uncovered a 13,000-device MikroTik botnet exploiting SPF DNS record misconfigurations to spoof 20,000 domains and spread malware. In another instance of malicious mimicry, cybercriminals misused Google Search ads to spoof Google Ads, stealing advertiser credentials via fake login pages. Read on for more.

01

HP Wolf Security discovered two social engineering campaigns spreading VIP Keylogger and 0bj3ctivity Stealer through malicious code embedded in image files uploaded to archive[.]org.

02

Infoblox reported a new botnet of 13,000 MikroTik devices that abuses a misconfiguration in SPF DNS records to bypass email protections and deliver malware by spoofing roughly 20,000 domains.
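The roundup item above does not spell out which SPF misconfiguration the botnet abused. The following added example (not from the roundup or from Infoblox's report) shows the check a defender would run over their own zones: it parses SPF TXT records and flags domains whose terminal `all` mechanism is permissive (`+all`), neutral (`?all`), or absent, which are the records that let an unrelated host send mail as the domain. The sample records are constructed.

```python
"""Flag SPF records whose 'all' mechanism lets any host send as the domain.

Added illustrative example, not part of the roundup or of Infoblox's research.
It assumes the misconfiguration class is an over-permissive or missing
terminal mechanism; the sample zone data below is constructed.
"""
import re

# Constructed sample zone data: domain -> SPF TXT record (None when absent).
SAMPLE_SPF_RECORDS = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
    "soft.example": "v=spf1 include:_spf.mail.example ~all",
    "neutral.example": "v=spf1 include:_spf.mail.example ?all",
    "open.example": "v=spf1 include:_spf.mail.example +all",
    "bare-all.example": "v=spf1 all",
    "no-spf.example": None,
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
ALL_VERDICTS = {"+": "permissive", "?": "neutral", "~": "soft", "-": "strict"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples.

    Returns None if the string is not an SPF version 1 record.
    """
    if record is None:
        return None
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # RFC 7208: a mechanism with no qualifier means '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        # modifiers (redirect=, exp=) use '=', mechanisms use ':' or '/'
        m = re.match(r"^([a-zA-Z0-9]+)(?:[:=/](.*))?$", term)
        if not m:
            continue
        parsed.append((qualifier, m.group(1).lower(), m.group(2) or ""))
    return parsed


def assess_spf(record):
    """Classify a record by its first 'all' mechanism.

    Returns 'missing', 'permissive', 'neutral', 'soft', 'strict', or 'no-all'
    (record ends without an 'all' mechanism; the default result is then
    neutral, which is as weak as '?all').
    """
    terms = parse_spf(record)
    if terms is None:
        return "missing"
    for qualifier, mechanism, _ in terms:
        if mechanism == "all":
            return ALL_VERDICTS[qualifier]
    return "no-all"


def find_spoofable_domains(records):
    """Return the domains whose SPF record does not reject unknown senders."""
    weak = ("missing", "permissive", "neutral", "no-all")
    return sorted(d for d, r in records.items() if assess_spf(r) in weak)


if __name__ == "__main__":
    for domain, record in SAMPLE_SPF_RECORDS.items():
        print(f"{domain:20} {assess_spf(record)}")
    print("spoofable:", find_spoofable_domains(SAMPLE_SPF_RECORDS))
```

Run against real zone data, the same functions work on the TXT strings returned by a DNS lookup; `~all` is reported separately because many receivers still accept soft-failed mail, so it is worth reviewing even though it is not in the spoofable set here.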

03

A new attack campaign by North Korea’s Lazarus Group, dubbed Operation 99, targets software developers looking for freelance work in the Web3 and cryptocurrency industry to deliver information-stealing malware.

04

CISA launched the JCDC AI Cybersecurity Collaboration Playbook to enhance voluntary information sharing on AI cybersecurity risks. It aims to bolster AI system resilience through collaboration, secure data exchange, and continuous updates based on evolving threats.

05

GuidePoint Security revealed that threat actors used SocGholish malware to exploit outdated WordPress plugins for initial access, deploying a Python-based backdoor to spread the RansomHub ransomware via compromised networks.

06

ESET reported that CVE-2024-7344, a now-patched UEFI vulnerability (CVSS 6.7), allowed attackers to bypass UEFI Secure Boot by exploiting a custom PE loader shipped in third-party recovery software. Attackers could abuse it to load unsigned bootkits and gain stealthy, persistent access.

07

Cybercriminals are using Google Search ads to promote phishing sites that mimic Google Ads, stealing advertiser credentials via fake login pages hosted on Google Sites. Malwarebytes identified multiple attacker groups leveraging the stolen accounts for resale and future attacks.

08

Silverfort researchers revealed a way to bypass the Active Directory Group Policy that disables NTLMv1, exploiting a misconfigured Netlogon Remote Protocol setting. Despite the policy restriction, applications can re-enable NTLMv1, exposing the environment to relay attacks.
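Because the policy alone cannot be trusted to keep NTLMv1 off, the practical defensive check is to look for NTLMv1 actually being used. Windows Security event 4624 records the NTLM version in its "Package Name (NTLM only)" field ("NTLM V1", "NTLM V2", "LM", or "-" for Kerberos). The following added example (not from the roundup or from Silverfort) parses the text rendering of such events and builds an inventory of the hosts and accounts still authenticating with NTLMv1 or LM, which is the list an administrator needs before enforcing the policy. The sample event messages are constructed and abridged to the fields used.

```python
"""Find NTLMv1 and LM logons in Windows Security event 4624 text.

Added illustrative example, not from the roundup or from Silverfort's
research. It assumes the standard 4624 field labels; the sample messages
below are constructed and abridged.
"""
import re
from collections import Counter

# Constructed sample 4624 messages (only the fields used here are kept).
SAMPLE_EVENTS = [
    """An account was successfully logged on.
Logon Type:            3
New Logon:
    Account Name:      svc-backup
    Account Domain:    CORP
Network Information:
    Workstation Name:  BACKUP01
    Source Network Address:  10.0.0.15
Detailed Authentication Information:
    Logon Process:     NtLmSsp
    Authentication Package:  NTLM
    Package Name (NTLM only):  NTLM V1
    Key Length:        56""",
    """An account was successfully logged on.
Logon Type:            3
New Logon:
    Account Name:      alice
    Account Domain:    CORP
Network Information:
    Workstation Name:  WS-042
    Source Network Address:  10.0.1.42
Detailed Authentication Information:
    Logon Process:     NtLmSsp
    Authentication Package:  NTLM
    Package Name (NTLM only):  NTLM V2
    Key Length:        128""",
    """An account was successfully logged on.
Logon Type:            3
New Logon:
    Account Name:      bob
    Account Domain:    CORP
Network Information:
    Workstation Name:  WS-007
    Source Network Address:  10.0.1.7
Detailed Authentication Information:
    Logon Process:     Kerberos
    Authentication Package:  Kerberos
    Package Name (NTLM only):  -
    Key Length:        0""",
    """An account was successfully logged on.
Logon Type:            3
New Logon:
    Account Name:      svc-backup
    Account Domain:    CORP
Network Information:
    Workstation Name:  BACKUP01
    Source Network Address:  10.0.0.15
Detailed Authentication Information:
    Logon Process:     NtLmSsp
    Authentication Package:  NTLM
    Package Name (NTLM only):  NTLM V1
    Key Length:        56""",
]

# The 'Account Name' label also appears in the Subject section of a full
# 4624 message, so it is anchored to the 'New Logon' section.
FIELD_PATTERNS = {
    "logon_type": (r"Logon Type:\s*(\S+)", 0),
    "account": (r"New Logon:.*?Account Name:\s*(\S+)", re.DOTALL),
    "workstation": (r"Workstation Name:\s*(\S+)", 0),
    "source_ip": (r"Source Network Address:\s*(\S+)", 0),
    "auth_package": (r"Authentication Package:\s*(\S+)", 0),
    "lm_package": (r"Package Name \(NTLM only\):\s*([^\r\n]+)", 0),
}


def parse_4624(message):
    """Extract the fields of interest from one 4624 message; '-' if absent."""
    fields = {}
    for name, (pattern, flags) in FIELD_PATTERNS.items():
        m = re.search(pattern, message, flags)
        fields[name] = m.group(1).strip() if m else "-"
    return fields


def is_legacy_ntlm(fields):
    """True for NTLMv1 or LM logons; Kerberos logons carry '-' here."""
    return (fields["auth_package"].upper() == "NTLM"
            and fields["lm_package"].upper() in ("NTLM V1", "LM"))


def legacy_ntlm_inventory(messages):
    """Return {(source_ip, workstation, account): count} for legacy logons."""
    counts = Counter()
    for msg in messages:
        f = parse_4624(msg)
        if is_legacy_ntlm(f):
            counts[(f["source_ip"], f["workstation"], f["account"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, n in legacy_ntlm_inventory(SAMPLE_EVENTS).items():
        print(f"{n:4} legacy NTLM logon(s) from {key[0]} ({key[1]}) as {key[2]}")
```

Exporting 4624 events from the domain controllers and feeding their message text through `legacy_ntlm_inventory` yields the remediation list; an empty inventory over a representative window is the evidence that the NTLMv1 restriction is actually in effect rather than merely configured.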

09

CISA reported improved cyber hygiene among critical national infrastructure (CNI) providers, with faster remediation of vulnerabilities and increased enrollment in its Cyber Hygiene (CyHy) service. Experts cautioned against overreliance on patching, urging proactive strategies amid persistent OT risks and evolving attacks.

10

MSP cybersecurity solutions provider Cork secured a strategic growth investment from Top Down Ventures to scale operations and enhance its platform.
