The attackers exploit default settings in Teams to send over 1,000 malicious chat invites. Once the attachment is downloaded, the malware connects to a command-and-control server.
The attack, IOActive explains, was possible due to a vulnerability in the ATM’s software update mechanism that could allow an attacker to supply their own malicious file and trigger legitimate processes for code execution.
The KrustyLoader malware identified in the analysis is designed to download and execute a Sliver backdoor (an open-source command-and-control implant written in Go), indicating APT-level sophistication in these attacks.
Step-up authentication should be reserved for higher-risk scenarios and implemented in a user-friendly way, so that security is balanced against user experience.
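One way to put that principle into practice is a risk-scored policy that only interrupts the user when the combination of action and context crosses a threshold, and that remembers a recent step-up so the user is not challenged again for every follow-on sensitive action. The code below is an added illustration, not code from the original page or from any vendor; the risk signals, weights, threshold and the ten-minute freshness window are assumptions chosen for the example.

```python
"""Risk-based step-up authentication policy (added example, assumptions labelled).

Assumed model: a session records when the user last completed strong
authentication, and each request carries a few coarse risk signals.
The weights and threshold below are illustrative, not a vendor's values.
"""
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Actions that should always be considered high-risk (assumed list).
HIGH_RISK_ACTIONS = {"change_password", "add_payee", "export_data", "disable_mfa"}
# A step-up completed within this window covers follow-on sensitive actions.
STEP_UP_FRESHNESS_SECONDS = 10 * 60
# Requests scoring at or above this value must be stepped up.
STEP_UP_THRESHOLD = 3


@dataclass
class Session:
    user_id: str
    known_device: bool                       # device fingerprint seen before
    last_strong_auth_at: Optional[float] = None  # epoch seconds of last MFA


@dataclass
class Request:
    action: str
    ip_country: str
    home_country: str
    amount: float = 0.0


def risk_score(session: Session, request: Request) -> Tuple[int, List[str]]:
    """Sum weighted risk signals and keep the reasons for user-facing messaging."""
    score, reasons = 0, []
    if request.action in HIGH_RISK_ACTIONS:
        score += 3
        reasons.append("sensitive action: " + request.action)
    if not session.known_device:
        score += 2
        reasons.append("unrecognised device")
    if request.ip_country != request.home_country:
        score += 2
        reasons.append("request from unusual country: " + request.ip_country)
    if request.amount >= 1000:
        score += 2
        reasons.append("high-value transaction")
    return score, reasons


def requires_step_up(session: Session, request: Request,
                     now: Optional[float] = None) -> Tuple[bool, List[str]]:
    """Decide whether to challenge. Low-risk requests never interrupt the user;
    high-risk ones are waved through only if a recent step-up is still fresh."""
    now = time.time() if now is None else now
    score, reasons = risk_score(session, request)
    if score < STEP_UP_THRESHOLD:
        return False, reasons
    fresh = (session.last_strong_auth_at is not None
             and now - session.last_strong_auth_at <= STEP_UP_FRESHNESS_SECONDS)
    if fresh:
        return False, reasons + ["recent step-up still valid"]
    return True, reasons


def record_step_up(session: Session, now: Optional[float] = None) -> None:
    """Call after the user successfully completes the second factor."""
    session.last_strong_auth_at = time.time() if now is None else now


if __name__ == "__main__":
    s = Session(user_id="alice", known_device=True)
    print(requires_step_up(s, Request("view_balance", "DE", "DE"), now=1000.0))
    print(requires_step_up(s, Request("add_payee", "DE", "DE"), now=1000.0))
    record_step_up(s, now=1000.0)
    print(requires_step_up(s, Request("export_data", "DE", "DE"), now=1300.0))
```

The design point is that the decision is explainable (the reasons list can drive the prompt shown to the user) and that the freshness window keeps a single challenge from turning into a challenge on every click, which is where step-up schemes usually lose users.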
An ongoing cyberattack against Georgia’s Fulton County, which includes parts of Atlanta, has brought some of the government’s systems to a standstill, halting access to court filings, tax processing, and other services.
White Phoenix attempts to recover data from files that ransomware has only partially (intermittently) encrypted, salvaging the untouched portions through automated restoration methods; it may restore valuable files for victims of the strains that use this technique, although full recovery is not guaranteed.
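The reason partial recovery is possible at all is that intermittent encryption leaves whole stretches of the original file untouched. The block below is an added illustration of that idea, not White Phoenix's code: it assumes the ransomware encrypted fixed-size chunks and skipped the rest, and uses per-chunk Shannon entropy to locate the plaintext runs. The sample file is constructed inline, with pseudo-random bytes standing in for ciphertext.

```python
"""Locate plaintext regions in an intermittently encrypted file (added example).

Assumptions (not from the page or from White Phoenix): encryption was applied
to fixed-size chunks, untouched chunks remain readable, and ciphertext is
indistinguishable from random bytes, so entropy separates the two.
"""
import math
import random
from collections import Counter
from typing import List, Tuple

CHUNK = 4096
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext is close to 8, English text around 4-5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_chunks(blob: bytes, chunk: int = CHUNK) -> List[Tuple[int, int, str]]:
    """Label every chunk as 'plain' or 'encrypted' by its entropy."""
    out = []
    for off in range(0, len(blob), chunk):
        piece = blob[off:off + chunk]
        label = "encrypted" if shannon_entropy(piece) >= ENTROPY_THRESHOLD else "plain"
        out.append((off, len(piece), label))
    return out


def carve_plaintext(blob: bytes, chunk: int = CHUNK) -> List[Tuple[int, int]]:
    """Return (offset, length) of each maximal run of plaintext chunks."""
    regions: List[Tuple[int, int]] = []
    for off, length, label in classify_chunks(blob, chunk):
        if label != "plain":
            continue
        if regions and regions[-1][0] + regions[-1][1] == off:
            start, run = regions[-1]          # extend the previous run
            regions[-1] = (start, run + length)
        else:
            regions.append((off, length))
    return regions


def make_sample(pattern: str = "PPEPEEPP", seed: int = 1) -> bytes:
    """Constructed test file: 'P' chunks are repeated readable text,
    'E' chunks are deterministic pseudo-random bytes standing in for ciphertext."""
    rng = random.Random(seed)
    text = b"quarterly report: revenue grew, costs flat, see appendix. "
    plain_chunk = (text * (CHUNK // len(text) + 1))[:CHUNK]
    blob = b""
    for kind in pattern:
        blob += rng.randbytes(CHUNK) if kind == "E" else plain_chunk
    return blob


if __name__ == "__main__":
    sample = make_sample()
    for off, length, label in classify_chunks(sample):
        print(f"{off:8d} {length:6d} {label}")
    print("recoverable regions:", carve_plaintext(sample))
```

Two caveats a practitioner would apply before trusting this on real files: compressed or already-random content (images, archives, PDF streams) scores as high entropy and would be misreported as encrypted, which is why a format-aware tool parses the file structure instead of relying on entropy alone; and carving plaintext runs only yields usable output for formats whose objects are independently meaningful, not for a file that is one monolithic structure.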
The ransomware appends a random eight-character alphanumeric extension to encrypted files. Its data leak site (DLS), titled “MYDATA,” is unstable and frequently offline, which suggests the group is still setting up its operations.
The compromised database is being sold on hacker forums, with two cybercrime groups offering the data, highlighting the growing threat from emerging groups such as CYBO CREW and its affiliates.
A significant number of network administrators and IT personnel were found to have had their credentials compromised, highlighting the exposure of staff in network engineering and IT management roles, whose accounts typically carry privileged access.
Dynatrace’s acquisition of Runecast will enhance its platform with AI-powered security posture management for proactive risk mitigation and real-time vulnerability assessments in hybrid and multicloud environments.