
Daily Cybersecurity Roundup, July 26, 2024

Be cautious of fraudulent websites leveraging ongoing crises. In a troubling development, a spearphishing campaign has recently targeted German-speaking CrowdStrike customers, using a fraudulent website to deliver a fake CrowdStrike Crash Reporter installer. Meanwhile, Ukraine’s military intelligence launched a series of DDoS attacks against major Russian banks. A report revealed that 95% of organizations experience at least one high-severity risk in their software supply chain, with the average organization confronting nine such critical issues. Scroll down for the top cybersecurity headlines from the last 24 hours.

01

A threat actor has been found attempting to distribute a malicious CrowdStrike Crash Reporter installer via a spearphishing website impersonating a German organization.

02

Ukraine’s military intelligence (HUR) carried out a series of DDoS attacks on several large Russian banks, disrupting operations at several Russian payment systems and telecom operators.

03

The CyberCartel threat group has been compromising Chromium-based browsers like Google Chrome with the Caiman banking trojan, targeting government offices and financial institutions in the LATAM region.

04

An ongoing threat campaign, dubbed SeleniumGreed, has been detected exploiting exposed Selenium Grid services through older versions of Selenium (v3.141.59) to deploy cryptominers and run remote commands.

05

A firmware supply-chain issue known as PKfail has been discovered, affecting hundreds of UEFI products from 10 different vendors and allowing attackers to bypass the Secure Boot security standard and install malware.

06

Three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) in the ServiceNow platform are being exploited in data theft attacks, targeting government agencies and private firms worldwide. The first two vulnerabilities enable unauthenticated RCE, while the third allows admin users unauthorized access to sensitive files.

07

The French authorities and Europol, with assistance from cybersecurity firm Sekoia, are conducting a disinfection operation to remove the PlugX malware from infected devices in France and several other European countries.

08

According to a report, AppSec teams struggle with an overwhelming volume of alerts, monitoring 129 applications and triaging over 119,000 alerts annually. Moreover, 95% of organizations encounter at least one high-severity risk in their software supply chain, and the average organization faces nine such critical issues.

09

Dazz, an early-stage startup focused on unified security remediation, secured a $50 million investment led by Greylock, Cyberstarts, Insight Partners, and Index Ventures.

10

Lakera, an AI security platform provider, raised $20 million in a Series A funding round led by Atomico, with participation from Citi Ventures, Dropbox Ventures, and existing investors.
