Daily Cybersecurity Roundup, July 29, 2024

Having your digital credentials grants someone full access to your rights and privileges. This concern is heightened with the recent discovery of malicious code hidden in the Python package ‘lr-utils-lib,’ which targets specific macOS systems to steal Google Cloud Platform credentials. In other news, the FBI, CISA, and other agencies have warned about the North Korean APT group Andariel’s cyber-espionage activities against military and nuclear programs. Meanwhile, a report revealed that Russian threat groups accounted for 69% of all ransomware crypto proceeds in 2023, with LockBit and ALPHV alone receiving at least $320 million in ransom payments. Continue reading for the cybersecurity highlights from the weekend.

01

Researchers have discovered hidden malicious code in the Python package ‘lr-utils-lib,’ which targets specific macOS systems to steal Google Cloud Platform credentials.

02

The FBI, CISA, and other partner agencies have issued a warning against the North Korean APT group Andariel, which conducts cyber-espionage activities to obtain sensitive information for its military and nuclear programs.

03

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with PicassoLoader malware, distributing documents with macros that deploy the malware and the post-exploitation tool Cobalt Strike Beacon.

04

Gh0st RAT was found being delivered by Gh0stGambit, a dropper targeting Chinese-speaking Windows users through a fake website offering a Google Chrome installer.

05

Attackers are impersonating Microsoft Office Forms and Adobe to conduct two-step phishing attacks, tricking users into revealing their Microsoft 365 credentials.

06

As per a report by TRM Labs, Russian threat groups accounted for at least 69% of all crypto proceeds from ransomware, exceeding $500 million in 2023. LockBit and ALPHV alone accounted for ransom payments of at least $320 million during 2023.

07

A critical security flaw, CVE-2023-45249, that lets unauthenticated attackers gain RCE on unpatched Acronis Cyber Protect (ACI) servers is being actively exploited despite the availability of patches.

08

Google recently fixed an authentication flaw that allowed attackers to bypass email verification, creating malicious Google Workspace accounts that could impersonate domain holders at third-party services.

09

Cybersecurity startup Chainguard raised $140 million in a Series C funding round led by Redpoint Ventures, Lightspeed Venture Partners, and IVP, with participation from existing investors.

10

Hiya, a voice security services provider, announced the acquisition of the deepfake detection company Loccus.ai.