Gh0st RAT malware is being delivered via the Gh0stGambit dropper, targeting Chinese-speaking Windows users through fake Chrome installers.

The malware can steal data, log keystrokes, and even enable remote access.

Read: https://thehackernews.com/2024/07/gh0st-rat-trojan-targets-chinese.html

The threat actor Stargazer Goblin has created a network of over 3,000 fake GitHub accounts to distribute malware, netting $100,000 in illicit profits.

Read details here: https://thehackernews.com/2024/07/stargazer-goblin-creates-3000-fake.html

Searchable encryption is emerging as a new gold standard in data security.

This breakthrough technology enables data to be encrypted while still being used, eliminating flaws during data processing.

Discover the power of searchable encryption: https://thehackernews.com/2024/07/how-searchable-encryption-changes-data.html

Acronis warns of a critical security flaw in its Cyber Infrastructure (ACI) product. This vulnerability, CVE-2023-45249, allows RCE due to default passwords, posing a high risk (CVSS score: 9.8)

Read: https://thehackernews.com/2024/07/critical-flaw-in-acronis-cyber.html

Ensure your ACI is up-to-date.

A vulnerability in VMware ESXi hypervisors has been exploited by ransomware groups to gain administrative access and deploy malware.

It allows attackers to escalate privileges easily, posing a severe risk to organizations using ESXi.

https://thehackernews.com/2024/07/vmware-esxi-flaw-exploited-by.html

Alert: A new phishing campaign, called OneDrive Pastejacking, uses an HTML file mimicking a Microsoft OneDrive error message to trick users into running a malicious PowerShell script.

Details here: https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html

SideWinder, a nation-state threat actor, targets maritime facilities in the Indian Ocean and Mediterranean Sea.

This campaign could disrupt international maritime operations and compromise sensitive data.

Learn more: https://thehackernews.com/2024/07/new-sidewinder-cyber-attacks-target.html

Widespread phishing campaigns in Poland lead to the deployment of malware families like Agent Tesla and Formbook.

Attackers use compromised email accounts and company servers to spread malware and collect stolen data.

Read: https://thehackernews.com/2024/07/cybercriminals-target-polish-businesses.html

Cybersixgill’s "State of the Underground 2024" report reveals the latest trends in the dark web. Understanding these trends is crucial for anticipating and mitigating cyber threats.

The report covers compromised credit card trends, initial access trends, and ransomware tactics used by threat actors.

Read: https://thehackernews.com/2024/07/cyber-threat-intelligence-illuminating.html

New Mandrake Android spyware found in five Google Play Store apps, undetected for two years.

This spyware compromised over 32,000 devices across multiple countries, showcasing the evolving threat landscape.

Learn more: https://thehackernews.com/2024/07/new-mandrake-spyware-found-in-google.html

RMM tools are being weaponized by cybercriminals to infiltrate networks. As remote work increases, RMM tools, if exploited, can lead to severe data breaches and undetected malicious activities.

Ransomware-as-a-service groups often use legitimate IT tools to navigate networks stealthily and steal data.

Implementing robust application control policies can mitigate these risks significantly.

Read about it here: https://thehackernews.com/2024/07/the-power-and-peril-of-rmm-tools.html

Meta settles for $1.4 billion with Texas over illegal biometric data collection. The lawsuit accused Meta of capturing facial data without users' consent, violating Texas law.

Learn more: https://thehackernews.com/2024/07/meta-settles-for-14-billion-with-texas.html

Companies in Russia and Moldova have been targeted by a phishing campaign from the cyber espionage group XDSpy.

XDSpy uses sophisticated spear-phishing techniques to deploy malware, which can exfiltrate data and gather passwords.

Read: https://thehackernews.com/2024/07/cyber-espionage-group-xdspy-targets.html

🚨 A large-scale Android malware campaign targeting 600+ global brands and millions of users has been uncovered.

Over 107,000 malicious apps, mostly outside known repositories, are stealing SMS messages and OTPs for identity fraud.

Learn more: https://thehackernews.com/2024/07/cybercriminals-deploy-100k-malware.html

How much time does your security team waste on false positives?

Inefficiencies in threat detection can drain your security resources and leave real threats unaddressed. Material Security clusters similar threats, simplifying investigation and remediation, saving hundreds of hours.

Learn more: https://thehackernews.com/2024/07/how-to-get-most-from-your-security.html

DEV#POPPER malware campaign targets developers on Windows, Linux, and macOS. The campaign exploits job interview scenarios to deliver #malware, compromising sensitive information.

Read: https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html

ReversingLabs’ new guide breaks down all-things software supply chain security (SSCS).

It covers the current landscape of risks and threats, the steps to secure development pipelines, how to develop a third party-risk management program, and how to hunt for threats in your software supply chain.

Read: https://thehackernews.uk/reversinglabs-sscs-dummies

⚠️ Alert: DigiCert will revoke 83,267 SSL/TLS certificates within 24 hours due to a Domain Control Validation oversight.

This affects 6,807 customers & may cause temporary disruptions in secure communications.

Read: https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html

Ensure your certificates are up-to-date.

Facebook users targeted by scam e-commerce network using fake websites to steal personal and financial data.

The scam involves 608 fake sites, mainly accessed via mobile devices and ad lures on Facebook.

Read: https://thehackernews.com/2024/08/facebook-ads-lead-to-fake-websites.html

Stay vigilant and report suspicious ads.

Google Chrome introduces app-bound encryption for better cookie protection.

This new layer of security aims to prevent information-stealing malware from accessing cookies.

Learn more: https://thehackernews.com/2024/08/google-chrome-adds-app-bound-encryption.html