
Daily Cybersecurity Roundup, October 24, 2024

As cyber threats continue to evolve, attackers keep finding new ways to exploit old cracks in the system. The Prometei botnet is wreaking havoc globally, spreading cryptojackers and webshells by targeting vulnerable Exchange servers. Meanwhile, the Embargo ransomware group is ramping up its attacks with customized Rust-based tools built to disable security defenses. In other news, a critical vulnerability in Fortinet FortiManager has surfaced and is already being exploited in the wild. Here are the top 10 highlights from the past 24 hours.

01

The Prometei botnet, active since 2016, has been spreading cryptojackers and webshells on vulnerable systems worldwide, with unsecured Exchange servers a favoured target. It still gets in through old, long-patched flaws such as BlueKeep (RDP) and EternalBlue (SMBv1), bypasses host firewalls, and harvests plaintext passwords through WDigest. That last step only works where WDigest credential caching is enabled; on supported Windows builds it is off by default, so the practitioner's check is that the UseLogonCredential value under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest is absent or 0, and that nothing on the host is flipping it to 1.

02

The Embargo ransomware group has been observed using customized Rust-based tooling to evade defenses: MDeployer, a loader, and MS4Killer, an EDR killer. Its playbook abuses Safe Mode, where most security agents do not start, to disable security solutions before the ransomware runs. Unexpected boot-configuration changes that force a Safe Mode restart, or a server that comes back up in Safe Mode, are therefore worth an alert.

03

Unit 42 researchers identified a new multi-turn technique called Deceptive Delight that can jailbreak large language models (LLMs), achieving an average attack success rate (ASR) of 64.6% within three interaction turns.

04

WarmCookie, a backdoor in the BadSpace family, has been actively distributed through malspam and malvertising campaigns since April 2024. It has been linked to the threat actor TA866 and shares code similarities with the Resident backdoor.

05

Fortinet has disclosed a critical vulnerability in FortiManager, CVE-2024-47575, a missing-authentication flaw in the FGFM daemon (fgfmd) that lets an unauthenticated remote attacker execute arbitrary code or commands via crafted requests. It is being exploited in the wild and affects multiple FortiManager versions. Beyond patching, Fortinet's advisory offers workarounds such as enabling fgfm-deny-unknown so that devices with unknown serial numbers cannot connect, and restricting which IP addresses may reach the FGFM service at all.

06

Participants at Pwn2Own Ireland demonstrated 52 zero-day vulnerabilities across various devices, including a Lorex 2K WiFi camera, QNAP QHora-322 router, and TrueNAS Mini X, earning a total of $486,250 in cash prizes.

07

Cisco warned of a critical command injection vulnerability (CVE-2024-20424) in the web-based management interface of its Secure Firewall Management Center (FMC) Software. The flaw allows an authenticated remote attacker to execute arbitrary commands as root on the underlying operating system. Because valid credentials are required, an exposed FMC web interface combined with weak or reused passwords is the realistic path to it, so keeping management access off the internet matters as much as the patch.

08

Threat actors are attaching virtual hard disk files (.vhd and .vhdx) to tax-, shipping- and resume-themed emails to slip payloads past secure email gateways (SEGs) and antivirus scanners, which often do not mount or inspect disk images. The observed campaigns deployed Remcos and XWorm. The practical countermeasure is to block or quarantine disk-image attachments by content signature rather than by extension, since a renamed container still mounts with a double-click on Windows.
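A content-based check for the attachment type described above, as an added example that is not code from the original roundup or from any vendor named in it. It relies on the published VHD and VHDX container signatures (the "vhdxfile" identifier at offset 0 and the "conectix" footer cookie) rather than on the filename; the sample attachments are constructed synthetic bytes, and the extension policy list is an assumption.

```python
"""Content-based detection of virtual hard disk (VHD/VHDX) mail attachments.

Added example, not code from the original roundup or from any vendor named in
it. A gateway rule that matches only the .vhd/.vhdx extension is trivially
evaded by renaming the file, so this checks the container's own signatures
(taken from the published VHD and VHDX formats):
  * VHDX: the file begins with the ASCII signature "vhdxfile".
  * VHD:  a 512-byte footer at the end of the file begins with the cookie
          "conectix"; dynamic and differencing VHDs also carry a copy of
          that footer at offset 0.
"""
from __future__ import annotations

import os

VHDX_SIGNATURE = b"vhdxfile"
VHD_COOKIE = b"conectix"
VHD_FOOTER_SIZE = 512
# Extensions to block even when the content does not parse as an image
# (for example a truncated or deliberately corrupted file). Assumed policy list.
DISK_IMAGE_EXTENSIONS = {".vhd", ".vhdx"}


def classify_disk_image(data: bytes) -> str | None:
    """Return "vhdx", "vhd" or None based purely on file content."""
    if data[: len(VHDX_SIGNATURE)] == VHDX_SIGNATURE:
        return "vhdx"
    # Fixed-size VHDs only have the trailing footer; check it first.
    if len(data) >= VHD_FOOTER_SIZE and data[-VHD_FOOTER_SIZE:].startswith(VHD_COOKIE):
        return "vhd"
    # Dynamic/differencing VHDs duplicate the footer at the start of the file.
    if data.startswith(VHD_COOKIE):
        return "vhd"
    return None


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Decide whether one attachment should be blocked and say why."""
    kind = classify_disk_image(data)
    ext = os.path.splitext(filename)[1].lower()
    ext_is_image = ext in DISK_IMAGE_EXTENSIONS
    if kind and not ext_is_image:
        reason = f"{kind} content disguised as {ext or 'no extension'}"
    elif kind:
        reason = f"{kind} content"
    elif ext_is_image:
        reason = f"blocked extension {ext} (content unrecognised)"
    else:
        reason = None
    return {"filename": filename, "content": kind, "block": reason is not None, "reason": reason}


def scan_attachments(attachments: list[tuple[str, bytes]]) -> list[dict]:
    """Return the verdict for every attachment that should be blocked."""
    return [v for v in (inspect_attachment(n, d) for n, d in attachments) if v["block"]]


# Constructed sample attachments (synthetic bytes, not real malware):
SAMPLE_ATTACHMENTS = [
    # VHDX renamed to look like a PDF: the signature at offset 0 gives it away.
    ("Invoice_2024.pdf", VHDX_SIGNATURE + b"\x00" * 120),
    # Fixed-size VHD with an honest extension: the cookie lives in the trailing footer.
    ("shipping_label.vhd", b"\x00" * 1024 + VHD_COOKIE + b"\x00" * (VHD_FOOTER_SIZE - len(VHD_COOKIE))),
    # Dynamic VHD renamed to .img: the header copy of the footer sits at offset 0.
    ("resume.img", VHD_COOKIE + b"\x00" * 1000),
    # Garbage with a .vhdx name: blocked by the extension policy alone.
    ("tax_return.vhdx", b"not really an image"),
    # Ordinary PDF: allowed.
    ("cover_letter.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
]

if __name__ == "__main__":
    for verdict in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"BLOCK {verdict['filename']}: {verdict['reason']}")
```

Running the script blocks four of the five constructed attachments and lets the PDF through. The check only identifies the container; it does not mount it or look at what is inside, so it belongs in front of (not instead of) a sandbox or scanner that can open disk images.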

09

Netskope reported a tenfold increase in phishing attacks targeting cryptocurrency wallets between April and September, with attackers hosting the fraudulent pages on Webflow.

10

Cloud security startup Stream.Security raised $30 million in a Series B funding round led by U.S. Venture Partners.
