North Korean hackers have struck again, deploying a new variant of the BeaverTail malware that targets macOS users. The malware poses as a legitimate video calling service and lures unsuspecting victims into downloading a malicious app under the pretext of joining a job interview.
Thousands of Google Cloud-hosted websites are affected by a new variant of HTTP request smuggling known as TE.0, which reaches vital services such as Identity-Aware Proxy.
While crypto doubling schemes are nothing new, this latest one takes the cake. Scammers are using hijacked YouTube channels to push Elon Musk deepfake live streams in which he supposedly reveals insights into the assassination attempt on Donald Trump.
Top Malware Reported in the Last 24 Hours
New malware campaign exploits RDPWrapper
Cybercriminals have been spotted abusing legitimate tools, RDPWrapper and Tailscale, to gain unauthorized access to and control over cryptocurrency users' systems in a multi-stage attack campaign. RDPWrapper lifts Windows' one-interactive-session limit so that several RDP sessions can run for the same user, letting the threat actors hold persistent access to a compromised system without displacing the legitimate user. Tailscale is used to build a private overlay network to the victim machine, over which the attackers run remote commands and exfiltrate data. The campaign has focused on Indian users within the cryptocurrency ecosystem.
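The two tools leave footprints a defender can look for. The following triage helper is an added illustration for this briefing, not code from the campaign report: it runs over a constructed host snapshot (the kind of registry, service and session data an inventory or EDR agent would export) and flags the TermService DLL hijack that RDPWrapper relies on, an unexpected Tailscale service, and more than one concurrent RDP session. The registry path is the standard TermService location; the Tailscale service and binary names, the snapshot layout and the sample data are assumptions.

```python
# Added triage helper (not from the campaign report). Flags the host-level
# footprints of RDPWrapper and Tailscale in a constructed inventory snapshot.
# Registry path is the stock TermService location; Tailscale service/binary
# names and the snapshot format are assumptions made for illustration.
from pathlib import PureWindowsPath

TERMSERVICE_DLL_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services"
                       r"\TermService\Parameters\ServiceDll")
EXPECTED_TERMSRV = "termsrv.dll"          # stock Remote Desktop service DLL
TAILSCALE_BINARIES = {"tailscaled.exe", "tailscale-ipn.exe"}  # assumed names


def triage_host(snapshot: dict) -> list:
    """Return a list of human-readable findings for one host snapshot."""
    findings = []

    # RDPWrapper works by repointing TermService at its own rdpwrap.dll, which
    # removes the single-session limit. Anything but termsrv.dll is suspicious.
    dll = snapshot.get("registry", {}).get(TERMSERVICE_DLL_KEY, "")
    if dll and PureWindowsPath(dll).name.lower() != EXPECTED_TERMSRV:
        findings.append(f"TermService ServiceDll repointed: {dll}")

    # A Tailscale daemon nobody provisioned gives the attacker a private
    # overlay network into the machine, bypassing perimeter controls.
    for svc in snapshot.get("services", []):
        name = svc.get("name", "").lower()
        exe = PureWindowsPath(svc.get("path", "")).name.lower()
        if name == "tailscale" or exe in TAILSCALE_BINARIES:
            findings.append(f"Tailscale service present: {svc.get('name')} "
                            f"({svc.get('path')})")

    # Several simultaneous interactive RDP sessions is exactly the behaviour
    # RDPWrapper exists to enable; stock Windows clients allow only one.
    sessions = snapshot.get("rdp_sessions", [])
    if len(sessions) > 1:
        findings.append(f"{len(sessions)} concurrent RDP sessions: "
                        + ", ".join(sessions))
    return findings


# Constructed sample snapshots (not real telemetry).
CLEAN_HOST = {
    "registry": {TERMSERVICE_DLL_KEY: r"C:\Windows\System32\termsrv.dll"},
    "services": [{"name": "TermService",
                  "path": r"C:\Windows\System32\svchost.exe -k NetworkService"}],
    "rdp_sessions": ["alice (rdp-tcp#3)"],
}
SUSPECT_HOST = {
    "registry": {TERMSERVICE_DLL_KEY: r"C:\Program Files\RDP Wrapper\rdpwrap.dll"},
    "services": [
        {"name": "TermService",
         "path": r"C:\Windows\System32\svchost.exe -k NetworkService"},
        {"name": "Tailscale", "path": r"C:\Program Files\Tailscale\tailscaled.exe"},
    ],
    "rdp_sessions": ["alice (rdp-tcp#3)", "alice (rdp-tcp#4)"],
}

if __name__ == "__main__":
    for label, host in (("clean", CLEAN_HOST), ("suspect", SUSPECT_HOST)):
        print(label, triage_host(host))
```

Each check on its own is weak (administrators do install Tailscale, and multi-session terminal servers exist), so treat the combination of a repointed ServiceDll and a fresh overlay-network service on a workstation as the signal worth escalating.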
DPRK hackers tweak malware
North Korean hackers have developed a new variant of their BeaverTail malware to target macOS users. The malware is disguised as a legitimate video calling service called Microtalk. The hackers lure victims into downloading the malicious Microtalk app installer by inviting them to join a job interview. The cloned Microtalk site states in its fine print that no download is required, but victims overlook this and run the installer anyway. Apart from stealing data, BeaverTail also executes additional payloads, including InvisibleFerret.
Top Vulnerabilities Reported in the Last 24 Hours
New flaw affects Google Cloud websites
A new variant of HTTP request smuggling, dubbed TE.0, affected thousands of Google Cloud-hosted websites, including services behind Identity-Aware Proxy. HTTP request smuggling exploits disagreements between a front-end proxy and a back-end server about where one request ends and the next begins on a shared connection. TE.0 is the Transfer-Encoding counterpart of the CL.0 variant: the front end honours a chunked body that the back end does not, so the body bytes are parsed as the start of a second request on the same connection. On susceptible systems this was enough for mass zero-click account takeovers.
Atlassian issues patches
Atlassian has released security updates to address several high-severity vulnerabilities in its Bamboo, Confluence, and Jira products, including issues that could allow SSRF, file inclusion, and DoS attacks. Bamboo Data Center and Server had two high-severity vulnerabilities: CVE-2024-22262 and CVE-2024-21687. Confluence Data Center and Server had seven high-severity vulnerabilities. Jira Software and Service Management had a high-severity vulnerability, tracked as CVE-2022-41966.
Cisco fixes SSM On-Prem bug
A critical vulnerability in Cisco's Smart Software Manager On-Prem (SSM On-Prem) lets an unauthenticated, remote attacker change the password of any user, including administrators, on a vulnerable system. The flaw stems from an improper implementation of the password-change process in the SSM On-Prem authentication system. Tracked as CVE-2024-20419 and carrying the maximum severity rating, it also affects installations earlier than Release 7.0, which were sold as Cisco Smart Software Manager Satellite (SSM Satellite).
Top Scams Reported in the Last 24 Hours
Trump assassination news and crypto scams
Cybercriminals are using deepfake videos of Elon Musk on hijacked YouTube channels to promote a cryptocurrency doubling scam. The streams claim that Musk plans to provide financial support to Trump's presidential campaign and urge viewers to join a cryptocurrency giveaway by scanning a QR code, which leads to fraudulent websites. Users are advised to be wary of click-bait videos, never scan QR codes that promise crypto giveaways, and rely on trusted security solutions.
Posted on: July 18, 2024