VIEH Daily threat analysis | 14 August 2024

In a disconcerting twist of events, CERT-UA has sounded the alarm on a phishing campaign that unleashed the ANONVNC malware and compromised over 100 government computers.

The ransomware landscape is growing ever more treacherous with the emergence of DeathGrip, a newly minted RaaS that lures aspiring cybercriminals with sophisticated ransomware capabilities.

A troubling set of security vulnerabilities in Google’s Quick Share has come to light, exposing users to the QuickShell attack chain, which could enable hackers to take complete control of devices.

Top Malware Reported in the Last 24 Hours

Phishing campaign targets Ukraine

CERT-UA warned of a new phishing campaign impersonating the Security Service of Ukraine to distribute malware called ANONVNC, which allows unauthorized access to infected computers. More than 100 computers, including those belonging to government bodies, have been infected since July 2024. The agency also noted an increase in campaigns distributing the PicassoLoader malware to deploy Cobalt Strike Beacon, attributed to a threat actor tracked as UAC-0057.

DeathGrip: New RaaS emerges

A new Ransomware-as-a-Service (RaaS) called DeathGrip has appeared in the ransomware landscape. It is being promoted on underground forums and offers aspiring threat actors sophisticated ransomware tools. Its emergence underlines the need for robust defenses against ransomware attacks.

The scream of Banshee Stealer

A new cyber threat called Banshee Stealer targets macOS systems, posing a significant risk to users. This malicious software can extract sensitive information like passwords from Keychain, system data, and browser details. It also targets cryptocurrency wallets and plugins, making it a comprehensive tool for cybercriminals.


Top Vulnerabilities Reported in the Last 24 Hours

Google patches critical flaw

Security researchers discovered critical vulnerabilities in Google’s Quick Share that could lead to remote code execution. Chained together in a series of exploits known as the QuickShell attack chain, the vulnerabilities could have allowed attackers to force file downloads, hijack Wi-Fi connections, and ultimately gain full system control. Google has acknowledged the severity of the issue and deployed fixes for the reported vulnerabilities.

Patch this FreeBSD bug!

The FreeBSD Project has released urgent security updates to fix a high-severity flaw in OpenSSH (CVE-2024-7589), which could allow remote attackers to execute arbitrary code with elevated privileges. The flaw stems from a race condition in the privileged sshd context, caused by calling functions that are not async-signal-safe. Users are urged to upgrade to a supported FreeBSD stable version and restart sshd to mitigate the issue.

Top Scams Reported in the Last 24 Hours

BEC scam targets Orion SA

Orion SA, a Luxembourg-based chemicals and manufacturing company, disclosed in a filing with the U.S. SEC that it fell victim to a criminal wire fraud scheme, potentially losing around $60 million. The incident, believed to be a BEC scheme, involved fraudulent wire transfers to accounts controlled by unknown parties. Orion is working with law enforcement to recover the funds and has not found evidence of further fraudulent activity or unauthorized access to its systems.

Post Credit: The Hacker News, Broadcom, Cybersecurity News, SafeBreach, Security Affairs, The Register, Cyware
