Crypto users become new targets of a phishing kit leveraging SMS and voice calls to identify users. According to an intelligence report about the kit, it allows attackers to build copies of single sign-on (SSO) pages, which are used in combination with email, SMS, and vishing to trick targets into sharing sensitive information such as usernames, passwords, password reset URLs, and photo IDs. The targets are primarily employees of FCC (Federal Communications Commission), Coinbase, and Binance and users of Binance, coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor platforms. At the time of the report, the number of victims had already exceeded 100.
Ivanti Flaws is in the news again as Five Eyes Agencies warn about exploiting its Gateway vulnerabilities. According to CISA, “Ivanti ICT is insufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets.” The vulnerabilities disclosed by Ivanti are CVE-2023-46805 (CVSS score: 8.2) – Authentication bypass vulnerability in web component CVE-2024-21887 (CVSS score: 9.1) – Command injection vulnerability in web component CVE-2024-21888 (CVSS score: 8.8) – Privilege escalation vulnerability in web component CVE-2024-21893 (CVSS score: 8.2) – SSRF vulnerability in the SAML component CVE-2024-22024 (CVSS score: 8.3) – XXE vulnerability in the SAML component.
Cybersecurity researchers have detected BIFROSE (aka Bifrost), a new Linux variant of a remote access trojan that can impersonate VMware using deceptive domains. Bifrost is designed solely to bypass security measures and effectively compromise targeted systems. Further investigations revealed that BlackTech (aka Circuit Panda, HUAPI, Manga Taurus, Palmerworm, PLEAD, Red Djinn, and Temp.Overboard) is the threat actor behind the malware design and functionality.
Secret scanning push protection will now be enabled by default for all pushes to public GitHub repositories. According to reports, the development implies that when a supported secret is detected in any push to a public repository, users can either remove the secret from the commits or bypass the block. The Mogilevich ransomware group has attacked multiple businesses. The victims are listed below.
Shein: Shein is a global online fashion and lifestyle retailer specializing in cross-border e-commerce, fashion, and supply chain. The Singaporean company has over 10000 employees and a revenue of $3.5 billion.
Kick:Â Kick.com is a live-streaming platform hosting all entertainment content and broadcast. The entertainment company specializes in streaming and video content. The company has over 50 employees and a revenue of $5 million.
DJI: The company is a global leader in developing and manufacturing innovative drone and camera technology for commercial and recreational use. The company specializes in Aerial Photography and Video, Drones, SkyPixel, 3-axis Gimbal, Handheld Gimbal, Flight Controllers, Lossless 4K video, Professional aerial filmmaking tools, Phantom, Ronin, Inspire, Spreading Wings, Matrice, Mavic, Thermal Camera, Enterprise Solutions, Enterprise Sector, Zoom Camera, Inspection, Customized Platforms, Search & Rescue, and Photogrammetry. DJI has over 10000 employees and $2.8 billion in revenue.
Gansevoort Hotel Group, a New York hospitality company, became a victim of Akira’s ransomware group attack. The company specializes in Boutique Hotels, Nightlife, Guest Recovery, Hospitality Management, Luxury Lifestyle, Urban Retreat, Downtown Oasis, and Meatpacking District. Gansevoort has over 500 employees and a revenue of $90.6 million.
