Daily Cybersecurity Roundup, September 09, 2024

Two Chinese APTs have taken a page out of the cyber playbook, with TIDRONE swooping down on Taiwan’s drone industry and Stately Taurus coding its way into Southeast Asian government networks. Meanwhile, in the LATAM region, threat actors are capitalizing on judicial-themed phishing emails to deploy banking Trojans like Mekotio, BBTok, and Grandoreiro. Here’s a roundup of the 10 most important cybersecurity updates from the weekend.

01

A Chinese APT group, TIDRONE, has been targeting military-related industry chains, especially drone manufacturers in Taiwan, by using ERP software and remote desktops to deploy CXCLNT and CLNTEND malware.

02

The Chinese APT group Stately Taurus has been abusing Visual Studio Code software in espionage operations targeting government entities in Southeast Asia.

03

The Earth Preta threat actor has been launching worm-based attacks with a HIUPAN variant, spreading PUBLOAD. It is also employing spear-phishing campaigns to deliver multi-stage downloaders like DOWNBAIT and PULLBAIT.

04

A new RAMBO side-channel attack method has been discovered, which can stealthily generate electromagnetic radiation from an air-gapped computer’s RAM to modulate and transmit sensitive data to a nearby recipient.

05

Threat actors are luring victims in the LATAM region with judicial-related phishing emails to deploy Mekotio, BBTok, and Grandoreiro banking trojans.

06

Three significant vulnerabilities (CVE-2024-45074, CVE-2024-45075, and CVE-2024-45076) in IBM’s webMethods Integration Server could allow authenticated users to execute arbitrary commands, escalate privileges, and access unauthorized files.

07

Cybercriminals are exploiting a critical RCE vulnerability, CVE-2024-36401, in GeoServer to target the technology, government, and telecommunications sectors. The flaw could allow attackers to execute arbitrary code by sending specially crafted requests.

08

Progress Software issued an emergency fix for a severity flaw (CVE-2024-7591) impacting its LoadMaster and LoadMaster Multi-Tenant Hypervisor products. The vulnerability could allow attackers to remotely execute commands on the device.

09

Airbus Defence and Space closed the acquisition of INFODAS, a cybersecurity and IT solutions provider.

10

The GRC Group, a software and tech-enabled service provider, acquired U.K.-based cybersecurity company Pentest People for an undisclosed sum.
