Daily Cybersecurity Roundup, September 20, 2024

Threats keep looming over GitHub. A recent threat campaign has been uncovered exploiting GitHub by creating fake issues in open-source project repositories to distribute the Lumma Stealer. Meanwhile, the Iranian state-sponsored threat group UNC1860 has been using GUI-based malware controllers and passive backdoors to maintain persistent access to organizations in the Middle East. Additionally, a SpyCloud report revealed a sharp rise in ransomware attacks, with 75% of organizations experiencing multiple incidents over the past year, up from 61% the previous year. Discover the top cybersecurity developments that happened in the past 24 hours.

01

A threat campaign has been found exploiting GitHub by creating false issues in open-source project repositories, claiming security vulnerabilities, and luring users to a fake GitHub Scanner domain to distribute Lumma Stealer.

02

UNC1860, an Iranian state-sponsored threat actor likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has been using GUI-operated malware controllers, tracked as TEMPLEPLAY and VIROGREEN, and passive backdoors to gain persistent access to high-priority networks in the Middle East.

03

Researchers uncovered threat actors exploiting email accounts to send auto-reply messages with links to deploy the XMRig crypto-miner, targeting Russian tech companies, retail platforms, insurance firms, and financial businesses.

04

German law enforcement seized 47 cryptocurrency exchange services involved in money laundering for ransomware gangs, darknet dealers, and botnet operators, redirecting visitors to a warning page titled ‘Operation Final Exchange.’

05

Threat actors are creating phishing sites with fake Google CAPTCHA verification pages to distribute Lumma Stealer, tricking Windows users into running malicious PowerShell commands.

06

A phishing campaign spoofing Google Apps Script macros has sent around 360 multilingual emails, falsely claiming unrecognized registrations and containing deceptive URLs that lead to pages requesting sensitive information.

07

Atlassian addressed four high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd in its September 2024 monthly security bulletin. These flaws could allow attackers to cause DoS conditions.

08

A SpyCloud report revealed that 75% of organizations experienced multiple ransomware attacks in the past year, an increase from 61% the previous year, with each malware infection exposing an average of 10 to 25 third-party business application credentials.

09

Security validation company Picus Security raised $45 million in a growth investment round led by Riverwood Capital and Earlybird Digital East Fund.

10

c/side, a cybersecurity company, secured $6 million in a seed funding round led by Uncork Capital, Mantis VC, Scribble Ventures, Roar Ventures, and PrimeSet.