Invaders Drop News: REvil Ransomware, BlastRADIUS Vulnerability, Roblox Databreach.
Key Takeaways
Mekotio Trojan: A new trojan is posing as messages from tax authorities, creating a major risk of fraud and data theft.
npm Account Vulnerability: A threat actor claims the npm portal has an account takeover vulnerability, but the claim has not yet been confirmed.
REvil Ransomware Trial: The trial of members of the REvil gang continues in Russia, despite legal uncertainty and problems with the evidence.
BlastRADIUS Vulnerability: A major flaw in the RADIUS protocol could allow man-in-the-middle attacks.
Recent Breaches: Vulnerabilities in Ghostscript and Gogs, a data breach at Roblox, and a privacy flaw in OpenAI's ChatGPT on Mac are among the most recent incidents.
Cyber Criminal Chronicles
Trojan Alert: Mekotio Masquerades as Tax Agencies
According to Trend Micro, a newly discovered trojan named Mekotio is posing as communications from tax agencies, targeting individuals and organizations with the risk of fraud and data theft. Protect yourself by being vigilant with unsolicited emails.
Read more: InfoSecurity Magazine
npm Account Takeover Vulnerability
A threat actor is claiming to sell details about a vulnerability that allows account takeovers on the npm portal. DevSecOps company Socket has yet to confirm these claims, but the potential risk remains high for developers.
Read more: Socket Blog
REvil Case in Russia: A Judicial Tug-of-War
The trial against eight suspected members of the REvil ransomware gang is ongoing in a St. Petersburg military court. These individuals were accused of launching the infamous Colonial Pipeline attack. The case has faced numerous delays and uncertainties, casting doubt on the strength of the evidence.
Read more: Izvestia
Security Breach Trends
BlastRADIUS Vulnerability: RADIUS Protocol at Risk
Researchers have found a vulnerability in the RADIUS network authentication protocol, dubbed BlastRADIUS. This flaw allows attackers to execute man-in-the-middle (MitM) attacks, potentially bypassing integrity checks.
Read more: CERT
Critical Vulnerabilities in Gogs Git Service
Four unpatched vulnerabilities have been discovered in the Gogs Git service, including three critical ones. These flaws could let attackers compromise instances, steal or delete source code, or inject backdoors.
Read more: Sonarsource
Ghostscript Toolkit Exploitation
A critical remote code execution vulnerability in the Ghostscript document conversion toolkit is actively being exploited. This flaw affects many Linux systems, posing a significant threat of unauthorized access and malicious code execution.
Read more: Codean Labs
Roblox Data Breach
Roblox has disclosed a data breach affecting sensitive information of attendees from its 2022, 2023, and 2024 Developer Conferences. This breach highlights the ongoing risks associated with online platforms.
Read more: X

Cisco OpenSSH Vulnerability Alert
Cisco has warned that 42 of its products are vulnerable to the OpenSSH regreSSHion vulnerability, with an additional 51 products under investigation. This highlights the importance of keeping systems updated and patched.
Read more: Qualys
ChatGPT Mac App Flaw
A security flaw in OpenAI's ChatGPT software has been found to store user conversations in plaintext on Mac computers, risking user privacy and security. Ensure your software is up to date and secure.
Read more: Bitdefender
Tech Trends & Privacy Protocols
Apple Removes VPN Apps in Russia
Apple has removed 25 VPN apps, including ProtonVPN and NordVPN, from its App Store in Russia following a request from Roskomnadzor. This move has significant implications for digital privacy in the region.
Read more: Zona Media

Cloudflare DNS Outage
Cloudflare’s DNS resolver service, 1.1.1.1, experienced outages due to a combination of BGP hijacking and a route leak. This incident underscores the fragility of internet infrastructure.
Read more: Cloudflare
Threat Intelligence Reports
Mekotio Banking Trojan Surge
A surge in attacks distributing the Mekotio banking trojan has been observed, particularly targeting financial institutions in Latin American countries. Stay vigilant and enhance your cybersecurity defenses.
Read more: Trend Micro
Advanced Cyber Threats
OilAlpha's Target on Humanitarian Aid Groups
OilAlpha's malicious applications are targeting humanitarian aid groups in Yemen. Learn about their tactics and how to mitigate these threats to ensure aid delivery continues without interruption.
Read more: Recorded Future
Russian PSYOPS Targeting France
InformNapalm has profiled Razroev Alexander Denisovich, an officer in Russia's Department of Information and Mass Communications, responsible for PSYOPS targeting French audiences.
Read more: InformNapalm
APT-C-26 (Lazarus) PyPI Malware Campaigns
Qihoo 360’s security team reports on APT-C-26 (Lazarus) campaigns attempting to plant malware on the PyPI portal. Stay informed on these advanced persistent threats.
Read more: Report
Turla APT Group's Evasion Techniques
G Data researchers analyze the evasion techniques used by the Turla Russian APT group. Learn how these sophisticated methods work and how to protect against them.
Read more: G Data Blog