Daily Cybersecurity Roundup, October 17, 2024

Cybercriminals have turned an antivirus tool into a weapon, abusing 360 Total Security to deliver the SSLoad malware: PhantomLoader disguises the payload as a legitimate module, so it slips through unnoticed. Iranian threat actors are ramping up attacks on critical sectors in the U.S., Canada, and Australia, with healthcare, government, and energy organizations in the crosshairs as brute force attacks and other tactics push defenses to their limits. CISA and the FBI are spotlighting dangerous software development practices with a new Product Security Bad Practices catalog. Continue reading for more updates.

01

Cybercriminals are abusing the 360 Total Security antivirus software to distribute the SSLoad malware. The delivery vehicle is PhantomLoader, a loader that masquerades as one of the product's legitimate modules.

02

Government agencies in the U.S., Canada, and Australia warned that Iranian threat actors are using brute force and other methods to compromise organizations across healthcare and public health, government, IT, engineering, and energy sectors.

03

North Korean IT workers are using stolen or falsified identities to obtain employment at Western companies, creating insider threats and, in some cases, leading to ransom demands. The tactics align with those of the cluster Secureworks tracks as NICKEL TAPESTRY.

04

CISA and the FBI released a Product Security Bad Practices catalog that identifies risky software development practices and provides guidance on mitigating them, particularly for software used in critical infrastructure.

05

Mandiant reported that zero-days accounted for 70.3% of the vulnerabilities it observed being actively exploited in 2023, continuing the trend of attackers exploiting flaws before a patch is available.

06

Group-IB gained access to the dark web affiliate panel of Cicada3301, a new ransomware-as-a-service (RaaS) operation. The researchers found similarities between Cicada3301 and the BlackCat (ALPHV) ransomware, and counted over 30 impacted organizations, mainly in the U.S. and U.K.

07

A wave of phishing emails posing as a Starbucks offer is attempting to lure recipients into clicking malicious links or downloading malware. Action Fraud, the U.K.'s fraud reporting center, received 900 reports about the scam in the past two weeks.

08

Hackers are exploiting CVE-2024-23113, a critical format string vulnerability in FortiOS, on unpatched FortiGate devices, with exploitation attempts reported to cause crashes. Although Fortinet patched the flaw earlier, roughly 88,000 instances remain exposed globally, and the increase in exploitation prompted U.S. government warnings.

09

Russian independent media outlet Novaya Gazeta Europe experienced large-scale DDoS attacks, temporarily taking its website offline. The attacks reached 12 million junk requests per minute at one point.

10

A critical security flaw (CVE-2024-9486, CVSS score: 9.8) has been found in Kubernetes Image Builder. Default credentials enabled during the image build process are left in place in the resulting images, allowing an attacker to gain root access to nodes built from them.
