
Daily Cybersecurity Roundup, October 22, 2024

As the lines between trusted platforms and hidden threats blur, cybercriminals are finding new ways to exploit every corner of the digital world. Attackers have made Docker Remote API servers a prime target, deploying the SRBMiner cryptominer to secretly mine XRP. Meanwhile, Beast RaaS has been quietly wreaking havoc since 2022, offering affiliates the power to infiltrate Windows, Linux, and VMware ESXi servers with customized ransomware attacks. To top it off, the npm registry is being used to distribute malicious packages designed to steal Ethereum private keys and provide remote SSH access, giving attackers a backdoor into compromised machines. Read on for the top 10 highlights from the past 24 hours.

01

Trend Micro spotted malicious actors targeting Docker Remote API servers to deploy the SRBMiner cryptominer and mine XRP cryptocurrency. The attackers use the gRPC protocol over h2c to evade security solutions.

02

Researchers found the Beast RaaS targeting organizations since 2022. It can target Windows, Linux, and VMware ESXi servers with customizable options for affiliates.

03

A newly discovered cyberattack campaign has been targeting exposed Docker Remote API servers to deploy the perfctl malware and gain control over host systems.
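Items 01 and 03 both concern exposed Docker Remote API servers, so a defender's first question is whether the daemon on a given host is listening on TCP at all, and if so whether it requires client certificates. The following static config check is an added example, not code from the roundup or from Docker; it reads the `hosts` and `tlsverify` settings from a `daemon.json` string or a `dockerd` command line (both are real Docker settings) and reports any TCP listener that lacks `--tlsverify` or is bound to all interfaces. The sample configurations are constructed for the example.

```python
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample configurations (hypothetical values, not from the page).
# A plain-text TCP listener on the conventional unencrypted port:
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"
# The same daemon with mutual TLS required (certificate paths are placeholders):
HARDENED_DAEMON_JSON = (
    '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true,'
    ' "tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server-cert.pem",'
    ' "tlskey": "/etc/docker/server-key.pem"}'
)


def parse_cmdline_hosts(cmdline):
    """Return (hosts, tlsverify) parsed from a dockerd command line."""
    args = shlex.split(cmdline)
    hosts, tlsverify = [], False
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 2
            continue
        if arg.startswith("-H=") or arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def audit_docker_hosts(daemon_json="", cmdline=""):
    """Return a list of (severity, message) findings for TCP listeners.

    dockerd refuses to start when hosts are set in both daemon.json and the
    command line, so in practice only one source is populated; the audit
    simply reads whichever is present.
    """
    cfg = json.loads(daemon_json) if daemon_json else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    cmd_hosts, cmd_tls = parse_cmdline_hosts(cmdline)
    hosts += cmd_hosts
    tlsverify = tlsverify or cmd_tls

    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local-only
        bind = url.hostname or ""
        if not tlsverify:
            findings.append(("high", f"{host}: TCP listener without --tlsverify "
                                     "(unauthenticated remote API)"))
        if bind in ("", "0.0.0.0", "::"):
            findings.append(("info", f"{host}: bound to all interfaces"))
    return findings


if __name__ == "__main__":
    for label, result in (
        ("daemon.json (plain)", audit_docker_hosts(SAMPLE_DAEMON_JSON)),
        ("command line (plain)", audit_docker_hosts(cmdline=SAMPLE_CMDLINE)),
        ("daemon.json (tlsverify)", audit_docker_hosts(HARDENED_DAEMON_JSON)),
    ):
        print(label)
        for severity, message in result:
            print(f"  [{severity}] {message}")
```

The check is deliberately static: it inspects configuration on the host rather than probing the network, so it can run from a configuration-management hook or a build pipeline. A "high" finding means any client that can reach the port can start containers with host mounts, which is exactly the foothold the cryptominer and perfctl campaigns above rely on; the remediation is either to drop the TCP host entirely or to set `tlsverify` with CA-signed server and client certificates.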

04

CISA added a critical security flaw affecting ScienceLogic SL1 to its KEV catalog. Tracked as CVE-2024-9537 with a CVSS v4 score of 9.3, the bug involves a third-party component that could allow remote code execution.

05

Researchers discovered malicious packages on the npm registry designed to steal Ethereum private keys and enable remote SSH access. The packages mimic legitimate ones, potentially allowing attackers persistent access to compromised machines via extracted keys.

06

As per a report by Imperva, retailers faced 569,884 AI-driven attacks per day, with business logic abuse accounting for 30.7% of all incidents, followed by DDoS attacks at 30.6%.

07

VMware released software updates to fix a security flaw in vCenter Server, CVE-2024-38812, related to a heap overflow vulnerability in the DCE/RPC protocol. The flaw could allow remote code execution by a malicious actor.

08

APT41 targeted the gaming industry, collecting data over nine months using spear-phishing emails and DCSync attacks. It employed techniques like Phantom DLL Hijacking and used obfuscated JavaScript to filter machines by IP.

09

Google warned that a zero-day vulnerability affecting Samsung mobile processors, tracked as CVE-2024-44068, has been exploited for arbitrary code execution, allowing privilege escalation on vulnerable Android devices.

10

Supply chain security startup Socket raised $40 million in a Series B funding round led by Abstract Ventures LP, with participation from Elad Gil, Andreessen Horowitz, and angel investors.
