Daily Cybersecurity Roundup, October 28, 2024

Cybercriminals are pushing boundaries with deceptive tactics, blending trusted platforms with new tools to breach defenses. Black Basta ransomware affiliates have begun posing as Microsoft Teams IT support, deploying emails and QR codes to trick users into giving up access. In another campaign, HeptaX, a cyberespionage scheme, has been sending phishing emails to alter RDP settings and steal credentials. Meanwhile, a Discord bot is being exploited to spread the PySilon RAT, giving attackers unauthorized control over users' devices. Here are the top 10 highlights from the past 24 hours. 

01

ReliaQuest researchers warned that Black Basta ransomware affiliates are impersonating Microsoft Teams IT support, using emails, Teams chat messages, and malicious QR codes to gain access.

02

Cyble discovered HeptaX, a cyberespionage campaign using phishing emails with .lnk files to modify RDP settings, create hidden admin accounts, and steal passwords.

03

TeamTNT is set to launch a large-scale campaign targeting cloud environments for cryptomining and server rentals, exploiting exposed Docker daemons to deploy Sliver malware and cryptominers.

04

CERT-UA warned of a large-scale phishing attack by UAC-0218, targeting citizens’ sensitive data. Phishing links disguised as bills or payment details lead victims to install data-stealing malware.

05

Attackers can bypass Windows security features by downgrading kernel components, making fully patched systems vulnerable to rootkit deployment.

06

ASEC found that a Discord bot was exploited to create a RAT, known as PySilon, allowing threat actors to gain unauthorized control over users' PCs and collect sensitive personal information.

07

CERT-UA disclosed a new malicious email campaign by UAC-0215, targeting government agencies, enterprises, and military entities. The emails contain attachments in the form of RDP configuration files that establish a connection with a remote server.

08

The operators of Fog and Akira ransomware are leveraging a critical SSL VPN access flaw (CVE-2024-40766) in SonicWall VPN accounts to infiltrate company networks.

09

Digital identity verification and fraud prevention platform Socure announced the acquisition of risk decisioning startup Effectiv for $136 million.

10

Data security startup Concentric AI raised $45 million in a Series B funding round co-led by Top Tier Capital Partners and HarbourVest Partners, with participation from CyberFuture.
