Cybersecurity is the practice of protecting people, systems and data from cyberattacks. Threats include ransomware and other malware, phishing scams and, increasingly, attacks powered by artificial intelligence (AI). As cybersecurity professionals safeguard digital assets, they must be aware of new vulnerabilities, threats and exploits as they emerge. Timely news alerts them to potential risks and empowers them to take proactive steps, such as patching or implementing other precautions.
A spoofed GitHub repository was used in a widespread information stealer campaign targeting Apple macOS users. The fraudulent repositories redirected victims to download the Atomic infostealer, which, once installed, was configured to steal credentials and launch a variety of malicious activities. Some of the tools impersonated in the campaign included 1Password, Basecamp, Gemini, Hootsuite, Dropbox, Notion, Salesloft, Shopify, SentinelOne and Thunderbird.
The City of Baltimore suffered a $1.5 million loss as a result of an impersonation attack that manipulated internal processes to redirect vendor payments into unauthorized accounts in the Workday system. The attackers, believed to be tied to the Russia-linked group APT29 – also known as Cozy Bear, Nobelium and BlueBravo – reportedly exploited weaknesses in the City’s verification procedures to alter banking information in Workday.
The Black Lotus Labs team at Lumen Technologies has discovered a sizeable proxy network that enables malware to turn infected devices into SOCKS5 proxies for command-and-control (C2) and downloading purposes. The REM Proxy service is currently powering the SystemBC botnet, which is being utilized by actors such as those behind the Morpheus ransomware group and the TransferLoader malware family.