Security Affairs Newsletter

"A crafty phishing campaign targets Microsoft One Drive users."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 August 2024, 1556 UTC.

Content and Source:  https://securityaffairs.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.cybersecurityjournal.net).

 

Security Affairs

66K followers23 articles per week#security#tech

13

Most popular

A crafty phishing campaign targets Microsoft OneDrive users

8 TTPs

•

27by Pierluigi Paganini / 2d

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to the

CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

Virtualization/Sandbox Evasion (Enterprise T1497)

•

25by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085 (CVSS score of 6.8), to its Known Exploited Vulnerabilities (KEV) catalog . This week, Microsoft warned that multiple

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

IoC > 4 hashes

•

20by Pierluigi Paganini / 1d

•

2 TTPs

•

Mandrake spyware resurfaces on Google Play

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024. Researchers from Bitdefender discovered the high-sophisticated Android spyware Mandrak

Yesterday

BingoMod Android RAT steals money from victims’ bank accounts and wipes data

Input Capture (Mobile T1417)

•

by Pierluigi Paganini / 9h

•

BingoMod malware steals money wipes data

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts. The Cleafy TIR team discovered the previously undetected malware at the end of May 2024. BingoMod was designed to initiate mo

A ransomware attack disrupted operations at OneBlood blood bank

OneBlood cyberattack disrupts services

•

by Pierluigi Paganini / 17h

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations. OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy patients. A disruptive

Apple fixed dozens of vulnerabilities in iOS and macOS

Apple releases iOS 17.6 updates

•

by Pierluigi Paganini / 1d

Apple has issued security updates to address multiple vulnerabilities across iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates to address multiple vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari. The IT giant released iOS 17.6 and iPadOS 17.6 to address dozens of security vulnerabilities, including authentication and policy bypasses, information d

Jul 30, 2024

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

13 TTPs

•

by Pierluigi Paganini / 1d

•

Phishing attacks target Polish SMBs

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT . ESET researchers detected nine notable phishing campaigns during May 2

A Fortune 50 company paid a record-breaking $75 million ransom

Dark Angels ransomware group nets 75M$

•

by Pierluigi Paganini / 1d

Zscaler researchers revealed that a company paid a record-breaking $75 million ransom to the Dark Angels ransomware group. Zscaler discovered a record-breaking ransom payment of US$75 million made by a company to the Dark Angels ransomware group. Zscaler did not name the company that paid the $75 million ransom following an attack that occurred in early 2024. This is the largest ransomware paymen

SideWinder phishing campaign targets maritime facilities in multiple countries

9 TTPs

•

by Pierluigi Paganini / 2d

The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 attacks, the threat actors also targete

Jul 29, 2024

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

8 TTPs

•

by Pierluigi Paganini / 2d

•

CVE-2024-37084 & 1 other

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operat

Acronis Cyber Infrastructure bug actively exploited in the wild

2 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2023-45249

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. Acronis is warning of a critical vulnerability, tracked as CVE-2023-45249 (CVSS score of 9.8), in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. ACI is a comprehensive IT solution designed to provide cyber protect

Jul 28, 2024

Fake Falcon crash reporter installer used to target German Crowdstrike users

8 TTPs

•

by Pierluigi Paganini / 3d

CrowdStrike warns about a new threat actor targeting German customers by exploiting a recent issue with Falcon Sensor updates. On July 24, 2024, CrowdStrike experts identified a spear-phishing campaign targeting German customers by exploiting the recent issue with Falcon Sensor updates . A previously unknown threat actor set up a fake website, resembling a German entity, to distribute a bogus Cro

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

5 TTPs

•

by Pierluigi Paganini / 3d

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government’s Computer Emergency Response Team (CERT-UA) reported a surge in activity associated with the APT group UAC-0057 (aka GhostWriter ) group between July 12 and 18, 2024. Threat actors distributed documents containing

End of feed