A sophisticated malware campaign dubbed "Niki", attributed to the Kimsuky group (APT43), has been identified targeting aerospace and defense companies. It uses job descriptions as a decoy to deploy a previously undocumented backdoor that gives the operators remote access, command execution, and exfiltration of sensitive data.
Discovered in May 2024, the "Zergeca" botnet stands out for its versatility: it can do considerably more than launch DDoS attacks. It uses DNS over HTTPS (DoH) for covert command-and-control traffic and advanced packing techniques, both of which help it evade detection.
On the ransomware side, the RansomHub operation has added a Linux encryptor to its arsenal, specifically targeting VMware ESXi environments. It operates a double-extortion model and has been identified as a possible rebrand of the Knight ransomware.
The Rafel RAT malware has shown an alarming increase in activity, primarily targeting Android devices. It is used by a range of threat actors and is capable of exfiltrating sensitive data, including contact lists and SMS messages carrying two-factor authentication (2FA) codes.
In terms of vulnerabilities, Google has released a Chrome 126 update that fixes four high-severity use-after-free vulnerabilities (CVE-2024-6290 through CVE-2024-6293). Major vulnerabilities have also been reported in two Apache products that could seriously compromise the security of affected systems. Finally, ESET has addressed a local privilege escalation vulnerability in its Windows security products, tracked as CVE-2024-2003.
For more details, see the full weekly newsletter.