
Daily Cybersecurity Roundup, January 18, 2025

Think your dev tools are safe? Think again. A recently discovered malicious PyPI package targeted Discord developers, stealing authentication tokens and installing a backdoor for remote control. Meanwhile, Russian state-backed Star Blizzard has changed its tactics, now spear-phishing victims to compromise their WhatsApp accounts. Experts also warned of an IoT botnet, derived from Mirai and Bashlite, fueling massive DDoS attacks in Japan by exploiting routers and IP cameras. Here are the top 10 highlights from the past 24 hours.

01

Researchers at Socket warned of a malicious PyPI package named 'pycord-self' targeting Discord developers to steal authentication tokens. The package also deploys a backdoor implant to maintain system control remotely.

02

Russian state-linked threat group Star Blizzard was found infiltrating victims’ systems by compromising WhatsApp accounts through a spear-phishing campaign.

03

Trend Micro discovered an IoT botnet, derived from Mirai and Bashlite, behind large-scale DDoS attacks against companies in Japan. The botnet primarily exploited wireless routers and IP cameras.

04

A new adversary-in-the-middle (AitM) phishing kit called Sneaky 2FA is capable of stealing Microsoft 365 credentials and 2FA codes, warns Sekoia. The kit is sold as phishing-as-a-service through a Telegram bot.

05

Imperva uncovered a campaign hitting PHP-based web apps using Python bots and GSocket, intending to promote gambling platforms in Indonesia. Most of the attacks targeted servers running Moodle.

06

The FCC issued a declaratory ruling requiring telecom operators to secure their networks under the Communications Assistance for Law Enforcement Act. The agency also issued a notice of proposed rulemaking that would require telcos to develop and implement cybersecurity and supply chain risk management plans.

07

Silverfort researchers found that the Microsoft Active Directory Group Policy designed to disable the legacy NTLM v1 authentication mechanism can be bypassed through a misconfiguration in on-premises applications.
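Because the finding above means the Group Policy setting alone is not proof that NTLMv1 is gone, a defender wants to check what the host actually negotiated. The script below is an added example written for this roundup, not code from Silverfort or Microsoft: it reads the effective LAN Manager authentication level from the registry and then scans recent logon events (ID 4624) for the LmPackageName field reporting "NTLM V1". It assumes it runs elevated on a domain controller or member server with logon success auditing enabled; the seven-day window and the output format are the author's choices.

```powershell
# Added example (not from the roundup or Silverfort): audit a Windows host for
# actual NTLMv1 use instead of trusting the GPO value alone.
# Assumptions: run elevated; "Audit Logon" success events are enabled; the
# 7-day default window is arbitrary.

function Get-LmCompatibilityLevel {
    # Effective LSA value behind the GPO
    # "Network security: LAN Manager authentication level" (0-5).
    # 3 and above send NTLMv2 only; 5 also refuses LM/NTLMv1 as a server/DC.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $item = Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent: the OS default applies
    return [int]$item.LmCompatibilityLevel
}

function Get-NtlmV1Logons {
    param([int]$Days = 7)
    # Successful logons in the window; the LmPackageName field records which
    # NTLM flavour was negotiated regardless of what policy intended.
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['LmPackageName'] -eq 'NTLM V1') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Account     = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
                Workstation = $data['WorkstationName']
                SourceIp    = $data['IpAddress']
                LogonType   = $data['LogonType']
            }
        }
    }
}

# Report: policy value first, then the evidence from the logon audit trail.
$level = Get-LmCompatibilityLevel
if ($null -eq $level) {
    Write-Output 'LmCompatibilityLevel not set explicitly (OS default in effect).'
} else {
    Write-Output "LmCompatibilityLevel = $level"
}

$hits = @(Get-NtlmV1Logons -Days 7)
if ($hits.Count -eq 0) {
    Write-Output 'No NTLMv1 logons recorded in the last 7 days.'
} else {
    Write-Output "NTLMv1 logons in the last 7 days: $($hits.Count)"
    # Group by source so the applications or hosts still negotiating NTLMv1 stand out.
    $hits | Group-Object Workstation, SourceIp |
        Sort-Object Count -Descending |
        Select-Object Count, Name |
        Format-Table -AutoSize
}
```

Run it on each domain controller; a non-empty result with LmCompatibilityLevel already at 5 is exactly the situation the Silverfort item describes, and the Workstation/SourceIp grouping points to the application or host to investigate.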

08

NVISO Labs analyzed a phishing campaign attributed to the Black Basta ransomware group, leveraging Microsoft Teams and posing as IT support to gain access to victims’ systems via remote access software.

09

Real estate scams are rising across the Middle East, with expats often targeted, as scammers exploit online listings and bypass verification processes. Group-IB warned that the region’s median financial loss per scam case is $3,064.

10

Social media security startup Spikerz announced $7 million in seed funding led by Disruptive AI, including participation from Horizon Capital, Wix Ventures, Storytime Capital, and BDMI.
