Daily Cybersecurity Roundup, November 18, 2024

From IoT devices to phishing schemes, attackers are exploiting overlooked entry points to expand their reach. Trend Micro uncovered a botnet, Water Barghest, that has compromised over 20,000 IoT devices. It now uses the Ngioweb malware and leverages public scan databases to identify vulnerabilities. Meanwhile, threat actors are using SVG files in phishing campaigns to hide malicious scripts and steal credentials. Proofpoint reported fake CAPTCHA ClickFix campaigns, including one involving GitHub notifications. Read on for more.

01

Trend Micro identified a sophisticated botnet called Water Barghest that compromised over 20,000 IoT devices by October. It uses Ngioweb malware to register compromised devices with C2 servers after pinpointing vulnerable devices using public internet scan databases like Shodan.

02

Threat actors have been found using SVG files in phishing campaigns to hide malicious scripts and create phishing forms to steal credentials. These SVG attachments can also be used to display HTML and execute JavaScript when the graphic is loaded.

03

Cybercriminals are using fake AI image and video generators to spread the Lumma Stealer and AMOS malware, targeting Windows and macOS users.

04

Cyble identified a campaign linked to the DONOT APT group, targeting Pakistan's manufacturing industry supporting the maritime and defense sectors.

05

Proofpoint observed the emergence of fake CAPTCHA ClickFix campaigns that mimic a verification process. A significant one involved GitHub notifications that led to malware installations impacting around 300 organizations globally.

06

Switzerland's NCSC warned of deceptive letters posing as official correspondence from the Federal Office of Meteorology, urging recipients to download a fraudulent weather app infected with a variant of the Coper trojan.

07

A critical authentication bypass vulnerability (CVE-2024-10924) has been disclosed in the Really Simple Security plugin for WordPress, impacting over four million sites.

08

Researchers identified a zero-day vulnerability (CVE-2024-11120) in unsupported GeoVision devices. A sophisticated botnet has been actively abusing the bug.

09

The NCSC revealed that shoppers lost over £11.5 million ($14.5 million) to fraudsters during last year's festive period. Scammers used social media platforms and online marketplaces to target victims.

10

Scammers are using the Microsoft 365 Admin Portal to bypass email security platforms and send sextortion emails directly to inboxes.
