> The threat actors use a variety of distribution channels, including malvertising, spearphishing, and brand impersonation in online gaming, cryptocurrency, and software, to spread 50 malware payloads, including AMOS, Stealc, and Rhadamanthys. > Victims are lured into downloading malicious software by interacting with what they are tricked into believing are legitimate job opportunities or project collaborations. > On Windows, HijackLoader is used for delivering Stealc, a general-purpose lightweight info-stealer designed to collect data from browsers and crypto wallet apps, or Rhadamanthys, a more specialized stealer that targets a broad range of applications and data types. > When the target uses macOS, Marko Polo deploys Atomic ('AMOS'). This stealer launched in mid-2023, rented to cybercriminals for $1,000/month, allowing them to snatch various data stored in web browsers.

>Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

thehackernews.com

>"After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge," researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said. >The malware functions as a launchpad to compromise the target's macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons.

Data Breaches IllNess • 1mo ago • 97%

Car rental giant Avis discloses data breach impacting customers

>American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information.

Tracked as [CVE-2024-45195](https://nvd.nist.gov/vuln/detail/CVE-2024-45195) and discovered by Rapid7 security researchers, this remote code execution flaw is caused by a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks.

thehackernews.com

>The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers Mark Lim and Tom Marsden said. Definitions: Malvertising - Internet advertising whose real intention is to deliver malware to the PC when the ad is clicked. [-wordnik](https://www.wordnik.com/words/malvertising)

>The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. >Bitcoin ATMs are typically located in convenience stores, gas stations, and other busy areas, but instead of dispensing cash like the traditional ATMs they resemble, they allow you to buy and sell cryptocurrency.

thehackernews.com

> Written in Rust and capable of targeting both Windows and Linux/ESXi hosts, Cicada3301 first emerged in June 2024, inviting potential affiliates to join their ransomware-as-a-service (RaaS) platform via an advertisement on the RAMP underground forum.

>Though D-Link acknowledged the security problems and their severity, it noted that they fall under its standard end-of-life/end-of-support policies, meaning there will be no security updates to address them.

>The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.

>Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling. Definitions: SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. -[Wikipedia](https://en.wikipedia.org/wiki/SQL_injection)

>North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. >Citrine Sleet targets financial institutions, focusing on cryptocurrency organizations and associated individuals, and has been previously linked to Bureau 121 of North Korea's Reconnaissance General Bureau.

www.darkreading.com

>In the watering-hole attacks, threat actors infected two websites, cabinet.gov[.]mn and mfa.gov[.]mn, which belong to Mongolia's Cabinet and Ministry of Foreign Affairs. They then injected code to exploit known flaws in iOS and Chrome on Android, with the ultimate goal of hijacking website visitors' devices. Definitions: **Watering hole** is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. -[Wikipedia](https://en.wikipedia.org/wiki/Watering_hole_attack) Whereas zero-days are a class of vulnerability that is unknown to a software developer or hardware manufacturer, an **N-day** is a flaw that is already publicly known but may or may not have a security patch available. -[Dark Reading](https://www.darkreading.com/vulnerabilities-threats/the-overlooked-problem-of-n-day-vulnerabilities)

Data Breaches IllNess • 2mo ago • 100%

FBI: RansomHub ransomware breached 210 victims since February

cross-posted from: https://infosec.pub/post/16863645 > This relatively new ransomware-as-a-service (RaaS) operation extorts victims in exchange for not leaking stolen files and sells the documents to the highest bidder if negotiations fail. The ransomware group focuses on data-theft-based extortion rather than encrypting victims' files, although they were also identified as potential buyers of Knight ransomware source code. > > Since the start of the year, RansomHub has claimed responsibility for breaching American not-for-profit credit union Patelco, the Rite Aid drugstore chain, the Christie's auction house, and U.S. telecom provider Frontier Communications. Frontier Communications later warned over 750,000 customers their personal information was exposed in a data breach.