2025-01-31 12:37:07 Pacfic
Multiple Cyber Attacks and Vulnerabilities - 3h
A series of cyber incidents have been reported, highlighting the evolving nature of online threats. A concerning trend involves a sophisticated phishing campaign targeting users in Poland and Germany, using PureCrypter malware to deliver multiple payloads, including Agent Tesla and Snake Keylogger, as well as a novel backdoor called TorNet. This TorNet backdoor employs advanced detection evasion tactics, requiring immediate and proactive defense measures. The campaign, which has been active since at least mid-summer 2024, indicates financially motivated threat actors behind the attacks. Security tools are available with threat intelligence to assist in detecting and preventing such intrusions.
Multiple additional vulnerabilities have been discovered, including over 10,000 WordPress websites unknowingly delivering MacOS and Windows malware through fake Google browser update pages. This cross-platform malware attack is notable as it delivers AMOS for Apple users and SocGholish for Windows users, and is the first time these variants have been delivered through a client-side attack. Moreover, an OAuth redirect flaw in an airline travel integration system has exposed millions of users to account hijacking. By manipulating parameters within the login process, attackers can redirect authentication responses, gain unauthorized access to user accounts, and perform actions like booking hotels and car rentals. These incidents underscore the importance of constant vigilance and robust security measures across all platforms.
ImgSrc: ciso2ciso.com
References:
- @BleepingComputer - Exploitation of SimpleHelp RMM vulnerabilities to gain initial access to target networks - 7h
- Security Archives - Security Affairs - Attackers exploit SimpleHelp RMM software flaws for initial access. - 7h
- Help Net Security - Attackers are leveraging vulnerabilities in SimpleHelp. - 7h
- www.bleepingcomputer.com - Hackers are exploiting flaws in SimpleHelp RMM to breach networks - 6h
- ciso2ciso.com - TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads – Source: socprime.com - 4h
- cside.dev - 10,000 WordPress Websites Found Delivering MacOS and Microsoft Malware - 4h
- The Hacker News - OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking - 4h