
Daily Cybersecurity Roundup, July 19, 2024

State-sponsored attacks continue to escalate, using advanced tactics against multiple sectors; the most recent compromises by the China-linked APT41 hit organizations in shipping and logistics, media and entertainment, technology, and automotive. In other news, a threat group registered over 500,000 domain names to target Windows and macOS systems in info-stealer campaigns. According to a Cyware survey, 49% of organizations struggle to collate threat intelligence and derive actionable insights across multiple security tools, teams, and technologies. Read on for more cybersecurity updates.

01. The Chinese threat group APT41 has been found using ANTSWORD and BLUEBEAM web shells to target multiple organizations in the shipping and logistics, media and entertainment, technology, and automotive sectors in Europe and Asia.

02. The Revolver Rabbit threat group has registered over 500,000 domain names for info-stealer campaigns targeting Windows and macOS systems, using automated registered domain generation algorithms (RDGAs).

03. A new Cyware survey revealed that 53% of organizations do not use an ISAC, 28% are unaware of ISACs and their role, and 49% struggle to operationalize and derive value from their threat intelligence due to team, technology, and data silos.

04. Researchers discovered a Chinese fake ad blocker, ‘HotPage.exe’, that was approved and signed by Microsoft but concealed kernel-level malware that manipulates web traffic, drops a vulnerable driver, and can be weaponized.

05. A recent smishing campaign was found leveraging United States Postal Service (USPS) themes to deceive users, sending fake USPS-themed text messages with malicious links that lead to phishing sites.

06. Google released Chrome 126, a critical security update addressing 10 vulnerabilities, including 8 high-severity flaws. This update focuses on resolving several memory-related issues that could potentially lead to sandbox escapes and RCE.

07. Attackers have been using SMTP smuggling to bypass SPF, DKIM, and DMARC security protocols to spoof emails from over 20 million trusted domains.

08. A critical vulnerability (CVE-2024-20401) that could allow attackers to add new users with root privileges and permanently crash Cisco Secure Email Gateway (SEG) appliances has been addressed.

09. As per a report, weak credentials and misconfigurations across cloud systems were responsible for 75% of network intrusions in the first half of 2024, with systems having weak or no credentials being the top initial access vector, accounting for 47% of cloud environment attacks.

10. Pindrop Security, a voice fraud detection provider, raised $100 million in debt financing from Hercules Capital.
