Daily Cybersecurity Roundup, September 16, 2024

Hackers are like digital chameleons, seamlessly disguising themselves within everyday apps while plotting their next sneak attack—just like the Kransom ransomware, which was recently found hiding within the StarRail game to execute an encrypted payload. In other news, a stealthy fileless attack is targeting attendees of the U.S.-Taiwan Defense Industry Conference to exfiltrate sensitive data. Additionally, Mac users are being targeted by scammers posing as Apple support via Google ads, redirecting victims to fake AppleCare+ pages hosted on GitHub. Continue reading for the top cybersecurity events that unfolded over the weekend.

01

The Kransom ransomware has been found disguising itself as the StarRail game using DLL side-loading and a legitimate certificate from COGNOSPHERE PTE. LTD to execute an encrypted payload.

02

A stealthy fileless attack has been targeting attendees of the U.S.-Taiwan Defense Industry Conference to exfiltrate sensitive data by evading traditional detection methods.

03

A malware campaign was found locking users in their browser’s kiosk mode to trick them into entering their Google credentials, which were stolen using the StealC info-stealer.

04

A hacker known as Amadon employed jailbreaking to bypass the safety protocols of ChatGPT and manipulate it into generating instructions for creating homemade explosives.

05

Microsoft addressed a Windows MSHTML spoofing vulnerability, CVE-2024-43461, exploited by the Void Banshee APT group in zero-day attacks to deploy the Atlantida info-stealer.

06

Scammers are targeting Mac users seeking Apple support or extended warranties via Google ads, redirecting them to fake AppleCare+ pages on GitHub, where they are manipulated into providing personal and financial information over the phone.

07

SolarWinds released patches for two vulnerabilities (CVE-2024-28991 and CVE-2024-28990) in its Access Rights Manager tool. The former flaw could allow remote attackers to execute arbitrary code, while the latter enables authentication bypass.

08

Docker addressed two critical vulnerabilities, identified as CVE-2024-8695 and CVE-2024-8696, in Docker Desktop. Both flaws could be exploited by a malicious extension to execute remote code.

09

Metabase Q, the IT cybersecurity management company, secured $11 million in a Series A extension round led by SYN Ventures.

10

Security data management startup Realm Security raised $5 million in a seed funding round led by Accomplice and Glasswing Ventures.