
Daily Cybersecurity Roundup, September 10, 2024

A relatively new threat actor is making its mark—CosmicBeetle. This emerging threat actor is actively deploying its ScRansom ransomware against SMBs globally. Meanwhile, three China-linked threat activity clusters have been targeting government organizations in Southeast Asia as part of the Crimson Palace operation. In a separate incident, researchers identified a phishing campaign that mimics a CapCut download page. This scheme leverages a recently demonstrated PoC exploiting the JamPlus build utility. Check out the top 10 cybersecurity headlines from the past 24 hours.

01

CosmicBeetle has been actively deploying its new ScRansom ransomware, targeting SMBs worldwide. The threat actor has also attempted to impersonate the LockBit ransomware gang and is likely a new affiliate of the RansomHub RaaS group.

02

Three threat activity clusters linked to China have been observed targeting government organizations in Southeast Asia as part of a renewed state-sponsored operation dubbed Crimson Palace.

03

Akira ransomware affiliates have been exploiting a critical security vulnerability (CVE-2024-40766) in SonicWall SonicOS firewall devices by compromising SSLVPN user accounts.

04

The Quad7 botnet operators have been compromising various SOHO routers and VPN appliances, including TP-LINK, Zyxel, Asus, Axentra, D-Link, and Netgear, deploying new staging servers, botnet clusters, backdoors, and reverse shells.

05

Critical XSS vulnerabilities have been found on Gallup’s website, which could potentially allow attackers to gain full control over an application’s functionality and data.

06

The North Korean Lazarus Group has been using malicious Python packages and posing as recruiters from financial firms in the VMConnect campaign to target developers.

07

A severe exploit chain has been discovered that starts with the public exposure of a .git directory, leading to a full server takeover. Improperly configured CI/CD pipelines can be exploited to gain unauthorized access to production servers.

08

Researchers identified a phishing site posing as a CapCut download page, using a recently demonstrated PoC that exploits the JamPlus build utility to run malicious scripts undetected while embedding a legitimate CapCut-signed app to trick users.

09

CISA added SonicWall SonicOS (CVE-2024-40766), ImageMagick (CVE-2016-3714), and Linux Kernel (CVE-2017-1000253) vulnerabilities to its KEV catalog and ordered federal agencies to fix these flaws by September 30, 2024.

10

SplxAI, a start-up focused on identifying vulnerabilities in customer service chatbots, has secured $2 million in a pre-seed funding round led by Inovo.vc, South Central Ventures, and Runtime Ventures.
