Crypto-stealing malware posing as a meeting app targets Web3 pros
Cybercriminals are targeting people working in Web3 with invitations to fake business meetings held on a fraudulent video conferencing platform that infects Windows and macOS machines with crypto-stealing malware. The campaign is dubbed "Meeten" after the name most commonly used by the meeting software, and has been underway since September 2024. The malware, which has both a Windows and a macOS version, targets victims' cryptocurrency assets, banking information, data stored in web browsers, and (on Mac) Keychain credentials.
#cybersecurity #cryptocurrency #malware
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed using Cloudflare Tunnels to conceal the staging infrastructure that hosts a malware family called GammaDrop. The activity is part of an ongoing spear-phishing campaign against Ukrainian entities, active since at least early 2024, that is designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis. The cybersecurity company tracks the threat actor as BlueAlpha; the group is also known as Aqua Blizzard, Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder. Believed to be active since 2014, the group is affiliated with Russia's Federal Security Service (FSB). Its tools are chiefly engineered to steal valuable data from web applications running inside browsers, from email clients, and from instant messaging applications such as Signal and Telegram, as well as to download additional payloads and propagate the malware via connected USB drives.
#cybersecurity #cloudflare #malware
New Android spyware found on phone seized by Russian FSB
After a Russian programmer was detained by Russia's Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that new spyware had been secretly installed on the device before it was returned to him. The programmer, Kirill Parubets, was arrested by the FSB after being accused of donating to Ukraine. After regaining access to his phone, he suspected it had been tampered with by the Russian government when it exhibited unusual behavior and displayed a notification stating, "Arm cortex vx3 synchronization." He shared the device with Citizen Lab for forensic analysis, and investigators confirmed that spyware had been installed on it which impersonated the legitimate and popular Android app 'Cube Call Recorder,' an app with over 10,000,000 downloads on Google Play. Unlike the legitimate app, though, the spyware requests a broad range of permissions, giving it unfettered access to the device and allowing the attackers to monitor activity on the phone.
#android #spyware #privacy #cybersecurity
Critical Vulnerability Discovered in SailPoint IdentityIQ
SailPoint this week warned that a critical-severity vulnerability in its IdentityIQ identity and access management (IAM) platform could allow attackers to access restricted files. IdentityIQ provides full lifecycle and compliance management capabilities covering provisioning, access requests, certifications, and segregation of duties. The critical issue, tracked as CVE-2024-10905, has a CVSS score of 10/10 and is described as an improper access control flaw. The bug is, essentially, a directory traversal flaw that affects all IdentityIQ versions up to patch levels 8.4p2, 8.3p5, and 8.2p8.
#cybersecurity #identityiq
U.S. org suffered four-month intrusion by Chinese hackers
A large U.S. organization with a significant presence in China was reportedly breached by China-based threat actors who persisted on its network from April to August 2024. According to Symantec's threat researchers, the operation appeared to focus on intelligence gathering: it involved multiple compromised machines and targeted Exchange Servers, likely for email and data exfiltration. The researchers did not name the breached U.S. organization, but noted that the same entity was targeted by the China-based 'Daggerfly' threat group in 2023.
Sources: BleepingComputer, The Hacker News.
#cybersecurity #cyberattack #breach
I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending
Japanese device maker I-O Data this week confirmed zero-day exploitation of critical flaws in multiple routers and warned that full patches won't be available for a few weeks. According to a warning from incident responders at JPCERT/CC, the most serious flaw allows a remote attacker to disable the router's firewall, execute commands, or alter its configuration. "The developer states that attacks exploiting these vulnerabilities have been observed," according to the JPCERT/CC alert. A separate bulletin from I-O Data documents three distinct defects (CVE-2024-45841, CVE-2024-47133 and CVE-2024-52564) and warns of additional information disclosure and command execution risks.
#cybersecurity #zeroday #iodata
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence were collected. In addition, over 80 data storage devices, cell phones and computers, as well as cash and crypto assets worth more than €63,000 ($66,500), were confiscated. Manson Market ("manson-market[.]pw") is believed to have launched in 2022 as a venue for selling sensitive information illegally obtained from victims through phishing and vishing (voice phishing) schemes.
Sources: The Hacker News, BleepingComputer.
#cybercrime #mansonmarket
Mitel MiCollab zero-day flaw gets proof-of-concept exploit
Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform that allows attackers to read files on the server's filesystem. Mitel MiCollab is an enterprise collaboration platform that consolidates various communication tools into a single application, offering voice and video calling, messaging, presence information, audio conferencing, mobility support, and team collaboration features. It is used by a range of organizations, including large corporations, small to medium-sized enterprises, and companies with a remote or hybrid workforce. The latest vulnerability in the product was discovered by researchers at watchTowr, who reported it to the vendor in August; it remains unfixed now that the 90-day disclosure window has elapsed without a patch.
Sources: BleepingComputer, The Hacker News.
#cybersecurity #micollab #zeroday
Security Risks Persist in Open Source Ecosystem
Significant security risks remain prevalent in open source software practices, a new report by the Linux Foundation, OpenSSF and Harvard University has found. The Census III project was based on 12 million observations of free and open source software (FOSS) libraries used in production applications at over 10,000 companies. It highlighted a number of concerning security practices relating to open source software, which is widely used across all industries. The project aims to provide a clearer picture of the structural issues that threaten the FOSS ecosystem. Key findings:
- Ongoing reliance on the outdated Python 2 language
- Lack of standardized naming for software components
- Open source security dependent on a handful of contributors
- Heavy reliance on individual developer accounts
- Legacy software remains prevalent
#opensource #cybersecurity