
Daily Cybersecurity Roundup, October 23, 2024

From phishing kits to rogue ransomware, the digital threat landscape is constantly evolving. A new campaign is using the Gophish toolkit to distribute DarkCrystal RAT and PowerRAT to Russian-speaking users. At the same time, macOS users are facing a new ransomware strain that pretends to be LockBit, encrypting data and displaying a fake LockBit banner. And if that weren’t enough, over 1,800 mobile apps were found with hardcoded credentials for cloud services, exposing sensitive user data and source code to potential compromise. Read on for more. 

01

A new phishing campaign targeting Russian-speaking users is using the Gophish toolkit to distribute DarkCrystal RAT and a new remote access trojan called PowerRAT. The campaign involves Maldoc or HTML-based infections.

02

Researchers spotted multiple samples of the macOS.NotLockBit ransomware that masquerades as LockBit ransomware. It is capable of file encryption, data exfiltration, and setting the desktop wallpaper to display a LockBit 2.0 banner.

03

Symantec's research found over 1,800 iOS and Android apps containing hardcoded, unencrypted AWS credentials, with 77% having valid access tokens, posing a significant security risk for user data and source code.

04

Microsoft's Script Encoder, originally meant to obscure code for developers, is now being utilized by attackers to deliver malware through phishing or drive-by download attacks.

05

Google released a critical Chrome update addressing three high-severity vulnerabilities (CVE-2024-10229, CVE-2024-10230, CVE-2024-10231) affecting browser extensions and the V8 JavaScript engine.

06

A security flaw (CVE-2024-8260) in Styra's Open Policy Agent (OPA) could allow attackers to access sensitive credentials from Windows systems. The bug has been patched in the latest version of OPA (v0.68.0).

07

PoC exploit code is now public for CVE-2024-43532, a vulnerability in Microsoft's Remote Registry client that could lead to Windows domain takeover by downgrading authentication security.

08

According to new research, the U.S. energy sector faces a high risk of supply chain attacks, with 45% of security breaches in the past year being third-party related.

09

The U.S. federal government has committed to using the Traffic Light Protocol to enhance information sharing on cyber threats with the cybersecurity community and private sector.

10

Sophos is to acquire Secureworks in a deal valued at $859 million to strengthen its security offerings and expand its customer base. The acquisition is expected to close early in 2025.
