
Daily Cybersecurity Roundup, November 19, 2024

Cyberattacks are becoming sharper and more pervasive, with new tools and tactics emerging at an alarming pace. BabbleLoader, a newly uncovered malware loader, has been found bypassing traditional defenses to deliver stealers directly into memory. Meanwhile, threat groups are refining their strategies in regional campaigns. Trend Micro reported Earth Kasha’s operations in Asia, using advanced malware like LODEINFO and MirrorStealer to breach targets. On another note, researchers highlighted a worrying 56% rise in ransomware groups, with LockBit leading a growing list of perpetrators. Here are the top 10 highlights from the past 24 hours. 

01

A new stealthy malware loader called BabbleLoader has emerged, designed to bypass antivirus and sandbox environments to deliver stealers into memory, targeting users seeking cracked software and business professionals.

02

Trend Micro unearthed a new campaign by Earth Kasha, targeting Japan, Taiwan, and India. The group has made significant updates to its TTPs and uses LODEINFO, NOOPDOOR, and MirrorStealer malware.

03

A Chinese threat group, BrazenBamboo, is using the DeepData custom toolkit to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client.

04

A malicious ad campaign impersonating Bitwarden is circulating on Facebook. The campaign prompts users to update Bitwarden through a fake Chrome Web Store link, leading to a malicious extension installation.

05

Broadcom issued an urgent security advisory confirming the active exploitation of two critical vulnerabilities, CVE-2024-38812 and CVE-2024-38813, in VMware's vCenter Server platform.

06

Researchers noted a 98% rise in DocuSign phishing attacks, targeting businesses that interact with government authorities, between November 8 and 14 compared to all of September and October.

07

The LibreNMS project reported a critical vulnerability (CVE-2024-51092) in versions up to 24.9.1, allowing authenticated attackers to execute arbitrary OS commands, potentially leading to server takeover.

08

A new report by IBM noted that the number of active ransomware groups has increased by 56% in H1 2024. LockBit ranked first on the list with 434 victims, followed by Play (178 victims) and RansomHub (171 victims).

09

The EPA Inspector General's report revealed that 97 water systems in the U.S. have critical vulnerabilities, potentially putting 26.6 million people at risk.

10

A campaign has been spotted targeting organizations using Microsoft Visio files and SharePoint to execute two-step phishing attacks. The attackers use compromised email accounts to send seemingly legitimate messages with malicious attachments containing URLs to fake SharePoint pages.
