Daily Cybersecurity Roundup, September 18, 2024

Lazarus strikes again. Mandiant discovered the new MISTPEN backdoor used by UNC2970, targeting senior energy and aerospace employees via a trojanized PDF reader. Crypto influencers, beware! Researchers warned of the Marko Polo gang that lures victims with fake job offers through social media, compromising thousands of devices globally. Meanwhile, organizations using Salesforce were warned of a blind SOQL injection flaw that could allow attackers to exploit the public link feature to access sensitive customer data. Continue reading for more updates from the cybersecurity world.

01

Mandiant uncovered a new backdoor named MISTPEN used by the UNC2970 threat cluster, overlapping with the Lazarus Group. The attackers are targeting senior employees across the energy and aerospace sectors using a trojanized PDF reader.

02

Insikt Group researchers warned that the Marko Polo cybercrime gang is targeting cryptocurrency users and influencers with scams. Posing as HR representatives on social media, the gang lures victims with fake job offers and has compromised thousands of devices globally.

03

CISA and the FBI issued a new alert under the Secure by Design initiative, urging tech companies to review their software and ensure future releases are free of cross-site scripting vulnerabilities before shipping.

04

The Russian hacker group Key Group has been using a .NET-based ransomware strain that encrypts files and disables system recovery, then demands a ransom via Telegram. The group leverages the Chaos ransomware builder to create its payload.

05

Construction companies are at risk of targeted brute-force attacks through the Foundation accounting software due to the use of default credentials, researchers at Huntress warned.

06

Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature: by abusing the Aura API and SOQL subqueries, attackers could carry out a blind SOQL injection attack and access sensitive customer data.

07

A report by Claroty revealed that most organizations employ multiple remote access tools, with 55% of organizations having four or more tools, and some having as many as 16, thereby increasing their attack surface.

08

Broadcom addressed a critical remote code execution vulnerability, CVE-2024-38812, in VMware vCenter Server. It also affects products containing vCenter, including VMware vSphere and VMware Cloud Foundation.

09

Digital executive protection provider BlackCloak secured $17 million in a Series B funding round led by Baird Capital, with participation from Blue Heron Capital, TDF Ventures, and TechOperators.

10

RunSafe Security raised $12 million in Series B funding led by Critical Ventures and SineWave Venture Partners, with participation from BMW i Ventures, Working Lab Capital, Lockheed Martin Ventures, and others.