
Daily Cybersecurity Roundup, July 30, 2024

Attackers are increasingly using PowerShell as a preferred tool for executing malicious scripts and commands. A new PowerShell backdoor enables threat actors to deploy additional malware using advanced obfuscation techniques. In other news, attackers are targeting Microsoft OneDrive users and deceiving them into executing a PowerShell script in a phishing campaign. As per a report, security controls on macOS endpoints thwarted only 23% of attacks, whereas Windows and Linux managed to prevent 62% and 65% of attacks, respectively. Here are the top cybersecurity highlights from the past 24 hours.

01

A new PowerShell backdoor linked to the Zloader/SilentNight malware allows threat actors to gain further access and deploy other malware, utilizing sophisticated obfuscation techniques.

02

A sophisticated phishing campaign has been targeting Microsoft OneDrive users via social engineering tactics to trick them into executing a PowerShell script, resulting in system compromise.

03

By exploiting the OAuth standard and newly discovered XSS flaws in the Hotjar web analytics platform, attackers could compromise over a million websites to hijack user accounts.

04

Researchers discovered a critical exploit—EchoSpoofing—in Proofpoint’s email protection service that allowed threat actors to send millions of spoofed phishing emails, bypassing security protections and impersonating major brands.

05

The pro-Ukrainian Cyber Anarchy Squad targeted the Russian information security firm Avanpost, encrypting over 400 virtual machines and leaking 390GB of data.

06

A threat actor claimed that the source code for the Trik botnet, aka Phorpiex, a C++ botnet with a suite of modules, is up for sale in antivirus circles.

07

The new Specula red team post-exploitation framework can turn Microsoft Outlook into a C2 beacon for RCE by exploiting the CVE-2017-11774 vulnerability. Despite Microsoft’s patch, attackers can still create malicious home pages using registry values.

08

As per a report, 40% of tested environments had vulnerabilities that could lead to domain administrator access. On the other hand, security controls on macOS endpoints prevented only 23% of attacks, compared to 62% on Windows and 65% on Linux.

09

Cowbell, an SME-focused cyber insurance provider, secured a $60 million Series C equity investment from Zurich Insurance Group.

10

Evo Security, an IAM solutions provider for MSPs, raised $6 million in a Series A funding round led by TechOperators, with additional support from Inner Loop Capital, MetroSITE Group, and others.
