
Daily Cybersecurity Roundup, March 05, 2025

The cyber landscape is heating up with a trio of cunning attacks. Eleven11bot has snared over 86,000 IoT devices for DDoS mayhem, hitting countries across the world. Russia’s APT28 is prowling Central Asia and Kazakhstan with a stealthy HTA Trojan, while scammers exploit the Docusign API to sling fake PayPal phishing emails, luring users into a fraudulent trap. Read on for more.

01

A new botnet, Eleven11bot, has infected over 86,000 IoT devices to conduct DDoS attacks. Most infected devices are in the U.S., the U.K., Mexico, Canada, and Australia.

02

Russia's APT28 has been targeting Central Asia and Kazakhstan in a new cyberespionage campaign, using sophisticated obfuscation techniques in its HTA Trojan.

03

Socket discovered an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules designed to deploy loader malware on Linux and macOS.

04

An advanced cyberespionage campaign, named Operation Sea Elephant, has been found primarily targeting research institutions, universities, and government organizations in South Asia.

05

A new malicious campaign has been discovered that uses a sophisticated attack on booking websites to deliver LummaStealer samples via fake CAPTCHAs.

06

A critical vulnerability, CVE-2024-53676, has been discovered in HPE Insight RS, which could allow unauthenticated remote attackers to execute arbitrary code on affected systems.

07

Scammers are using the Docusign API to send phishing emails that appear to be from PayPal, notifying users of unauthorized transactions and prompting them to contact a fake fraud prevention team.

08

Cisco warned customers about a low-severity vulnerability in Webex for BroadWorks, which could potentially allow unauthenticated attackers to remotely access data and credentials.

09

Approov and Carnegie Mellon University Africa's Upanzi Network developed a new open-source tool, APKIT, which uses AI to scan Android mobile applications for vulnerabilities and security issues, providing detailed recommendations on how to fix them.

10

Scammers are sending fake ransom notes to U.S. companies via traditional mail, impersonating the BianLian ransomware gang. These notes are tailored to the recipient company's industry.
