Shhh... Hackers can hear your secrets—introducing PIXHELL, a stealthy acoustic attack that can eavesdrop on air-gapped and audio-gapped systems through their LCD monitors, no speakers needed. Meanwhile, a new infostealer called Yet Another Silly Stealer (YASS) is being distributed via a multi-stage downloader known as MustardSandwich. Additionally, a report highlighted that ALPHV ransomware was behind 24% of ransomware attacks in the financial sector in 2024, with nearly half (49%) of these attacks initiated via phishing. Discover the top 10 cybersecurity developments that happened in the past 24 hours.
01
Researchers uncovered a new acoustic attack called PIXHELL that can extract secrets from air-gapped and audio-gapped systems via connected LCD monitors, without requiring speakers.
02
A new info-stealer, Yet Another Silly Stealer (YASS), has been discovered, with similarities to CryptBot. YASS is being delivered using a multi-stage downloader called MustardSandwich to steal sensitive data and communicate with C2 servers.
03
Threat actors are targeting the global financial sector, internet portals, and government domains in large-scale phishing campaigns using a refresh entry in the HTTP response header to distribute malicious URLs.
04
In its September 2024 Patch Tuesday, Microsoft fixed 79 vulnerabilities, including four actively exploited flaws and one publicly disclosed zero-day. Seven of these vulnerabilities were rated as critical, including RCE or EoP flaws.
05
Google released a new Chrome 128 update, addressing five vulnerabilities, including four high-severity memory safety issues. The new browser update has been rolled out as Chrome versions 128.0.6613.137/.138 for Windows and macOS and version 128.0.6613.137 for Linux.
06
Ivanti fixed a maximum severity vulnerability (CVE-2024-29847) in its Endpoint Management software that can let unauthenticated attackers gain access to the core server.
07
As per Zscaler report, Google was the top target for phishing domains using typosquatting and brand impersonation between February and July, accounting for 28.8%, followed by Microsoft at 23.6% and Amazon at 22.3%.
08
A report revealed that ALPHV ransomware was responsible for 24% of ransomware attacks in the financial sector in 2024, with 49% of attacks originating from phishing. Banking institutions were targeted in 20% of these attacks.
09
ConnectWise announced the acquisition of Axcient and SkyKick to enhance its cybersecurity and data protection offerings. Terms of the deal were not disclosed.
10
P0 Security, a company specializing in cloud-native observability, security, and networking, secured $15 million in a Series A funding round led by SYN Ventures, Zscaler, and Lightspeed Venture Partners.
