Microsoft patches CVE-2024-38193, a zero-day vulnerability that has been exploited by the North Korea-linked Lazarus APT group.
CVE-2024-38193 Vulnerability
Multiple Industries
Cyber Espionage
>1
Microsoft, Lazarus, North Korea, CVE-2024-38193, Gen
2
16/08/2024
Since at least mid-August 2024
Mid-August 2024
Storm-2035
Audiences in the U.S.
OpenAI bans ChatGPT accounts linked to Storm-2035, an Iranian influence operation suspected of spreading fake news on social media sites about the upcoming US presidential campaign.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
US
OpenAI, ChatGPT, Storm-2035, Iran, US presidential campaign
3
16/08/2024
During March 2024
During March 2024
STY1X
Multiple organizations in China, India, the UAE, and the Philippines.
Researchers from Check Point unearth a spam campaign distributing the Agent Tesla malware, run by a threat actor using the moniker STY1X. An operational mistake allowed the researchers to unmask the attacker as the author of the Styx Stealer malware.
Malware
Multiple Industries
Cyber Crime
AE
CN
IN
PH
STY1X, Check Point, Agent Tesla, Styx Stealer
4
16/08/2024
–
24/07/2024
BlueNoroff
Blockchain engineers
Researchers from Kandji uncover a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups.
Malware
Fintech
Cyber Crime
>1
Kandji, macOS, TodoSwift, North Korea, BlueNoroff
5
16/08/2024
Since mid-2023
Late 2023
Cybercartel
Multiple organizations in Latin America
Researchers at Metabase Q identify several phishing and spam campaigns against companies in Latin America in which the malware used, malicious browser extensions, is sold on the international fraud platform known as Genesis Market.
Malicious Browser Extensions
Multiple Industries
Cyber Crime
>1
Metabase Q, Genesis Market, Cybercartel
6
16/08/2024
04/08/2024
04/08/2024
?
North Miami City Hall
A “cyber incident” leaves the North Miami City Hall closed for nearly a week.
Unknown
Public admin and defence, social security
Cyber Crime
US
North Miami City Hall
7
17/08/2024
Since at least mid-August 2024
Mid-August 2024
?
Multiple organizations
A disinformation campaign abuses several Microsoft Azure and OVH cloud subdomains, as well as Google search, to promote malware and spam sites.
Malware
Multiple Industries
Cyber Crime
>1
Azure, OVH
8
18/08/2024
–
–
?
Unknown organization(s)
Researchers at the Shadowserver Foundation observe exploitation attempts based on the public proof-of-concept for the Ivanti Virtual Traffic Manager (vTM) vulnerability CVE-2024-7593.
Threat actors target Monobank, one of Ukraine’s most popular online banks with a massive distributed denial-of-service (DDoS) attack, primarily focusing on a service used by Ukrainians to raise donations for the military.
DDoS
Finance and insurance
Cyber Warfare
UA
Monobank
10
19/08/2024
Between at least June 12, 2024, and mid-July 2024
Between at least June 12, 2024, and mid-July 2024
Multiple threat actors including Volt Typhoon a.k.a. Bronze Silhouette
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2024-23897, a Jenkins Command Line Interface (CLI) path traversal vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. A subsequent analysis by researchers at Lumen reveals that the vulnerability is being exploited by the Chinese threat actor Volt Typhoon.
CVE-2024-23897 Vulnerability
Unknown
Cyber Espionage
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2024-23897, Jenkins Command Line Interface, CLI, Path Traversal, Known Exploited Vulnerabilities, KEV, Lumen, Volt Typhoon, Bronze Silhouette
11
19/08/2024
During July 2024
Since at least July 2024
?
Korean and Chinese speakers
Researchers from Cyberint discover a new type of malware called UULoader used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz.
Malware
Multiple Industries
Cyber Crime
CN
KR
Cyberint, UULoader, Gh0st RAT, Mimikatz
12
19/08/2024
–
–
UAC-0020 a.k.a. Vermin
Multiple organizations in Ukraine
Ukraine’s computer emergency response team (CERT-UA) reveals that a pro-Russian hacker group known as Vermin is using lures related to Ukraine’s offensive across the border to infect devices with two malware strains, the previously known Spectr spyware and a new malware strain called Firmachagent.
Researchers at Perception Point observe a surge in phishing attacks exploiting the URL protection services of trusted, legitimate email security vendors.
Malware
Multiple Industries
Cyber Crime
>1
Perception Point, URL rewrite
14
19/08/2024
–
–
?
Multiple organizations
Researchers at Hyas discover a malware campaign that uses Steam as its command-and-control infrastructure and hides its C2 domains with a simple form of encryption, a substitution cipher.
Malware
Multiple Industries
Cyber Crime
>1
Hyas, Steam, Substitution Cipher
15
19/08/2024
–
–
?
Multiple organizations
Researchers at Aqua discover a new malware strain dubbed PG_MEM, designed to mine cryptocurrency after brute-forcing its way into PostgreSQL database instances.
Brute-force
Multiple Industries
Cyber Crime
>1
Aqua, PG_MEM, PostgreSQL
16
19/08/2024
Since 2022
‘Recently’
?
Multiple organizations
Researchers at Stroz Friedberg identify active use of a lesser-known Linux persistence technique by an as-yet unidentified piece of malware, dubbed “sedexp.”
Malware
Multiple Industries
Cyber Crime
>1
Stroz Friedberg, Linux, sedexp
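The entry above does not describe the persistence mechanism itself; the public write-up on sedexp describes a udev rule whose RUN action re-launches the malware whenever a device node that exists on every boot is created. The scanner below is an added example, not code from Stroz Friedberg or from the malware, and it assumes that udev-rule mechanism: it parses rule files, extracts RUN actions and flags programs outside the usual udev directories, bare (non-absolute) program names, shell wrappers, and rules keyed on major-1 memory character devices. The rule text in SAMPLE_RULES is constructed for the example.

```python
"""Flag udev rules whose RUN actions look like persistence (added example)."""
import re
import shlex
from pathlib import Path

# Directories udev reads rules from.
RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d",
             "/usr/lib/udev/rules.d", "/lib/udev/rules.d")
# Locations a RUN program normally lives in; anything else deserves a look.
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/lib/systemd/",
                    "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
# Matches RUN+="...", RUN="..." and RUN{program}+="..."; the value is double-quoted.
RUN_RE = re.compile(r'RUN(?:\{[^}]*\})?\s*\+?=\s*"((?:[^"\\]|\\.)*)"')
# Character devices with major number 1 (/dev/null, /dev/random, ...) are created
# on every boot, so a rule keyed on them is a reliable persistence trigger.
MEMDEV_RE = re.compile(r'ENV\{MAJOR\}\s*==\s*"1"')

# Constructed sample rules, not taken from any real system or from the sedexp report.
SAMPLE_RULES = """\
# constructed sample
ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/lib/udev/usb-helper"
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="strangename run:+"
ACTION=="add", KERNEL=="sd*", RUN+="/bin/sh -c '/dev/shm/.x'"
ACTION=="add", SUBSYSTEM=="net", RUN+="/dev/shm/updater"
"""


def scan_rules(text, source="<string>"):
    """Return one finding per suspicious property of each RUN action in `text`."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for match in RUN_RE.finditer(line):
            cmd = match.group(1)
            try:
                argv = shlex.split(cmd)
            except ValueError:          # unbalanced quotes: fall back to a plain split
                argv = cmd.split()
            if not argv:
                continue
            prog = argv[0]
            reasons = []
            if not prog.startswith("/"):
                # udev resolves bare names relative to /usr/lib/udev, so an
                # unfamiliar bare name is either a typo or a planted binary.
                reasons.append("RUN program is not an absolute path")
            elif not prog.startswith(TRUSTED_PREFIXES):
                reasons.append(f"RUN program outside trusted directories: {prog}")
            if prog.rsplit("/", 1)[-1] in SHELLS:
                reasons.append("RUN wraps a shell interpreter")
            if MEMDEV_RE.search(line):
                reasons.append("rule fires on a major-1 memory character device (present at every boot)")
            for reason in reasons:
                findings.append({"source": source, "line": lineno,
                                 "command": cmd, "reason": reason})
    return findings


def scan_system(rule_dirs=RULE_DIRS):
    """Scan every *.rules file in the standard udev directories on this host."""
    findings = []
    for d in rule_dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for path in sorted(base.glob("*.rules")):
            try:
                findings.extend(scan_rules(path.read_text(errors="replace"), str(path)))
            except OSError:
                continue
    return findings


if __name__ == "__main__":
    for f in scan_rules(SAMPLE_RULES, "sample") + scan_system():
        print(f"{f['source']}:{f['line']}: {f['reason']} -> RUN+=\"{f['command']}\"")
```

Run on a live host the script also walks the real rule directories; the trusted-prefix list is deliberately short, so packaged rules that call helpers from other paths will show up as low-value hits and should be added to the list for that distribution.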
17
19/08/2024
Since at least March 2023
Since at least March 2023
Blind Eagle a.k.a. APT-C-36
Several sectors, including governmental institutions, financial companies, energy and oil and gas companies.
Researchers from Kaspersky shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations.
Malware
Multiple Industries
Cyber Crime
CL
CO
EC
PA
>1
Blind Eagle, APT-C-36, Kaspersky
18
19/08/2024
03/10/2023
17/10/2023
?
Arden Claims Service
Class action litigation claims administration firm Arden Claims Service notifies about 139,000 individuals that their personal information was stolen during an October 2023 data breach.
Unknown
Administration and support service
Cyber Crime
US
Arden Claims Service
19
19/08/2024
25/12/2022
16/08/2024
ZeroSevenGroup
U.S. Branch of Toyota
Toyota confirms that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum.
Unknown
Manufacturing
Cyber Crime
US
ZeroSevenGroup, Toyota
20
19/08/2024
Mid-August 2024
Mid-August 2024
?
Solana users
Decentralized exchange aggregator Jupiter says it identified a malicious Google Chrome extension, called Bull Checker, which threat actors use to drain Solana user wallets.
Malicious Browser Extensions
Fintech
Cyber Crime
>1
Jupiter, Google Chrome, Bull Checker, Solana
21
19/08/2024
During 2024
During 2024
Multiple threat actors
Crypto users in Australia
The Australian Securities and Investments Commission says it has removed 615 cryptocurrency investment scams over the past year as part of a broader effort to combat investment fraud.
Scam
Fintech
Cyber Crime
AU
Australian Securities and Investments Commission, ASIC
22
20/08/2024
–
–
?
Undisclosed university in Taiwan
Researchers at Symantec reveal that unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university’s Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577).
Targeted Attack
Education
Unknown
TW
Symantec, Msupedge, PHP, CVE-2024-4577
23
20/08/2024
Since 22/07/2024
During July 2024
TA453
Prominent Jewish figure
Researchers at Proofpoint reveal that the Iranian state-sponsored threat actor TA453 has been observed orchestrating spear-phishing campaigns against a prominent Jewish figure, with the goal of delivering a new intelligence-gathering tool called AnvilEcho.
Targeted Attack
Individual
Cyber Espionage
IL
TA453, Iran, Israel, Proofpoint, AnvilEcho
24
20/08/2024
Since at least early November 2023
Early November 2023
?
Banking users in Czech Republic, Hungary and Georgia
Researchers from ESET discover a sophisticated mobile phishing technique in financial fraud campaigns across the Czech Republic, Hungary and Georgia, leveraging progressive web applications (PWA).
Malware
Finance and insurance
Cyber Crime
CZ
GE
HU
ESET, PWA, Android, iOS
25
20/08/2024
Since at least 30/07/2024
30/07/2024
?
Multiple organizations
Researchers at Datadog discover an opportunistic campaign leveraging the Log4Shell (CVE-2021-44228) vulnerability for crypto-mining and system compromise.
CVE-2021-44228 Vulnerability
Multiple Industries
Cyber Crime
>1
Datadog, Log4Shell, CVE-2021-44228
26
20/08/2024
Since 2020
During August 2024
APT42 a.k.a. Charming Kitten, Damselfly, Mint Sandstorm, Phosphorus, TA453, GreenCharlie, and Yellow Garuda
U.S. political campaigns
Researchers at Recorded Future unearth new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns, using new malware samples such as POWERSTAR (a.k.a. CharmPower and GorjolEcho) and GORBLE.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
US
Recorded Future, Iran, POWERSTAR, CharmPower, GorjolEcho, GORBLE, APT42, Charming Kitten, Damselfly, Mint Sandstorm, Phosphorus, TA453, GreenCharlie, Yellow Garuda
27
20/08/2024
17/08/2024
17/08/2024
Play
Microchip Technology Incorporated
American chipmaker Microchip Technology Incorporated discloses that a cyberattack impacted its systems, disrupting operations across multiple manufacturing facilities. A few days later the Play ransomware gang leaks gigabytes of data allegedly stolen from the organization.
Ransomware
Manufacturing
Cyber Crime
US
Microchip Technology Incorporated, ransomware, Play
28
20/08/2024
19/01/2023
25/01/2023
Avos Locker
Cannon Corporation
The Cannon Corporation dba CannonDesign sends data breach notices to more than 13,000 current and former employees, informing them that threat actors breached its network and stole data in an attack in early 2023. The Avos Locker ransomware gang claims responsibility for the attack.
A crypto user loses $55.47 million in crypto assets after falling victim to a sophisticated phishing attack targeting their Maker vault.
Account Takeover
Fintech
Cyber Crime
Unknown
Crypto whale
30
21/08/2024
20/08/2024
20/08/2024
?
Multiple organizations
Researchers at Wordfence reveal that threat actors have already started to exploit CVE-2024-28000, a critical-severity vulnerability in LiteSpeed Cache, a WordPress plugin used to accelerate response times, a day after technical details became public.
Google releases a new Chrome emergency security update to patch CVE-2024-7971, a zero-day vulnerability tagged as exploited in attacks. A few days later the vulnerability is added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
CVE-2024-7971 Vulnerability
Unknown
Unknown
Unknown
Google, Chrome, CVE-2024-7971, CISA, Known Exploited Vulnerability, KEV
32
21/08/2024
–
–
?
Multiple organizations
Researchers at Malwarebytes discover a sophisticated Slack malvertising campaign exploiting Google search ads to deliver malware.
Malware
Multiple Industries
Cyber Crime
>1
Malwarebytes, Slack, malvertising, Google search ads
33
21/08/2024
Since at least 11/06/2024
11/06/2024
UAT-5394 linked to Kimsuky
Undisclosed organization(s)
Researchers at Cisco Talos discover a new remote access trojan called MoonPeak, a variant of XenoRAT, used in a new campaign by UAT-5394, a state-sponsored North Korean threat actor.
Malware
Unknown
Cyber Espionage
Unknown
UAT-5394, Kimsuky, Cisco Talos, MoonPeak, North Korea, XenoRAT
34
21/08/2024
–
–
Multiple threat actors
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2021-33044, a Dahua IP camera authentication bypass vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2021-33044 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2021-33044, Dahua IP Camera, Authentication Bypass, Known Exploited Vulnerabilities, KEV
35
21/08/2024
–
–
Multiple threat actors
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2021-33045, a Dahua IP camera authentication bypass vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2021-33045 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2021-33045, Dahua IP Camera, Authentication Bypass, Known Exploited Vulnerabilities, KEV
36
21/08/2024
–
–
Multiple threat actors
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2022-0185, a Linux kernel heap-based buffer overflow, to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2022-0185 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-0185, Linux Kernel Heap-Based Buffer Overflow, Known Exploited Vulnerabilities, KEV
37
21/08/2024
–
–
Multiple threat actors
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2021-31196, a Microsoft Exchange Server information disclosure vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2021-31196 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2021-31196, Microsoft Exchange, Server Information Disclosure, Known Exploited Vulnerabilities, KEV
38
21/08/2024
21/08/2024
21/08/2024
?
McDonald’s Instagram page
Scammers hack the official McDonald’s Instagram page and make off with over $700,000 in Solana after using the fast food giant’s social media page to promote and rug-pull a memecoin called “Grimace.”
Account Takeover
Accommodation and food service
Cyber Crime
US
McDonald’s, Instagram, Solana, Grimace
39
21/08/2024
21/08/2024
21/08/2024
RansomHub
Halliburton
Halliburton, one of the world’s largest providers of services to the energy industry, confirms a cyberattack that forced it to shut down some of its systems earlier this week.
Ransomware
Electricity, gas steam, air conditioning
Cyber Crime
US
Halliburton, Ransomware, RansomHub
40
21/08/2024
21/08/2024
21/08/2024
?
DICK’S Sporting Goods
DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, discloses that confidential information was exposed in a cyberattack.
Unknown
Wholesale and retail
Cyber Crime
US
DICK’S Sporting Goods
41
21/08/2024
21/08/2024
21/08/2024
SYSTEMADMINBD
Zee Media Corporation Limited
A group of Bangladeshi hacktivists, operating under the alias “SYSTEMADMINBD,” defaces the official website of Zee Media Corporation Limited, accusing the media giant of ‘making fun of the situation in Bangladesh,’ referring to the ongoing floods caused by heavy rainfall.
Defacement
Information and communication
Hacktivism
IN
India, Bangladesh, SYSTEMADMINBD, Zee Media Corporation Limited
42
22/08/2024
‘Recently’
‘Recently’
Qilin
Undisclosed organization(s)
Researchers at Sophos reveal that the Qilin ransomware group is using a new tactic, deploying a custom stealer to harvest account credentials stored in the Google Chrome browser.
Ransomware
Unknown
Cyber Crime
Unknown
Sophos, Qilin, Ransomware, Google Chrome
43
22/08/2024
Between November 2023 and March 2024
–
?
Customers of three banks in Czechia
Researchers at ESET discover NGate, a new Android malware that steals payment card data using an infected device’s NFC reader and relays it to attackers.
Malware
Finance and insurance
Cyber Crime
CZ
ESET, NGate, Android
44
22/08/2024
Since July 2024
Since July 2024
APT41
Government agencies in Taiwan
Military in the Philippines
Energy organizations in Vietnam
Researchers at NTT discover a wave of attacks, carried out by the Chinese state-sponsored threat group APT41, relying on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows, and ending with the deployment of a Cobalt Strike beacon.
Targeted Attack
Multiple Industries
Cyber Espionage
PH
TW
VN
NTT, APT41, AppDomain Manager Injection, Microsoft .NET, Cobalt Strike
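AppDomain Manager Injection works because the .NET Framework lets an application's own configuration file (the `<runtime>` section of `name.exe.config`) or the environment variables `APPDOMAIN_MANAGER_ASM` and `APPDOMAIN_MANAGER_TYPE` name an assembly and type that the runtime loads before the application's `Main` runs; dropping a config file and a DLL beside a legitimate signed .NET executable is enough. The scanner below is an added example, not code from NTT or from the campaign: it parses config files, flags the two redirecting elements (and `<probing privatePath>`, which tells the loader where to find the planted DLL), and checks the environment for the variable form. Both config samples are constructed and `UpdateHelper` is a hypothetical assembly name.

```python
"""Detect AppDomainManager injection hooks in .NET app config files (added example)."""
import os
import xml.etree.ElementTree as ET
from pathlib import Path

# Process-wide environment variables the CLR honours for the same purpose.
ENV_KEYS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")

# Constructed samples; "UpdateHelper" is a hypothetical assembly name.
BENIGN_CONFIG = """\
<?xml version="1.0"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
</configuration>
"""

SUSPICIOUS_CONFIG = """\
<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="UpdateHelper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="UpdateHelper.Manager" />
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <probing privatePath="lib" />
    </assemblyBinding>
  </runtime>
</configuration>
"""


def _local_name(tag):
    """Strip an XML namespace prefix such as '{urn:...}probing'."""
    return tag.rsplit("}", 1)[-1]


def scan_config(xml_text, source="<string>"):
    """Return findings for the runtime elements that redirect AppDomain setup."""
    findings = []
    try:
        root = ET.fromstring(xml_text.lstrip())
    except ET.ParseError as exc:
        return [{"source": source, "element": "parse-error",
                 "value": str(exc), "severity": "info"}]
    for el in root.iter():
        name = _local_name(el.tag)
        if name in ("appDomainManagerAssembly", "appDomainManagerType"):
            # Either element alone is unusual in a desktop app; both together are the injection recipe.
            findings.append({"source": source, "element": name,
                             "value": el.get("value", ""), "severity": "high"})
        elif name == "probing":
            # Not malicious by itself, but it tells the loader where the planted DLL sits.
            findings.append({"source": source, "element": name,
                             "value": el.get("privatePath", ""), "severity": "info"})
    return findings


def scan_environment(env):
    """Flag the environment-variable form of the same technique."""
    return [{"source": "environment", "element": k, "value": v, "severity": "high"}
            for k, v in env.items() if k.upper() in ENV_KEYS]


def scan_tree(root_dir):
    """Walk a directory tree and scan every *.exe.config found."""
    findings = []
    for cfg in Path(root_dir).rglob("*.exe.config"):
        try:
            findings.extend(scan_config(cfg.read_text(encoding="utf-8-sig", errors="replace"), str(cfg)))
        except OSError:
            continue
    return findings


if __name__ == "__main__":
    for f in scan_config(SUSPICIOUS_CONFIG, "sample") + scan_environment(dict(os.environ)):
        print(f"[{f['severity']}] {f['source']}: <{f['element']}> {f['value']}")
```

A high-severity hit on a config file that sits next to a signed, well-known executable is the pattern to hunt for; the DLL named in `appDomainManagerAssembly` will be in the executable's directory or in the `privatePath` subdirectory.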
45
22/08/2024
–
–
?
Undisclosed organization(s)
Researchers at Mandiant uncover PEAKLIGHT, a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders.
Malware
Unknown
Cyber Crime
Unknown
Mandiant, PEAKLIGHT
46
22/08/2024
–
08/08/2024
Everest Team
Horizon View Medical Center
The Everest ransomware team lists on its data leak site the Nevada-based Horizon View Medical Center and claims to have stolen medical record information, including test results and other sensitive patient data.
Ransomware
Human health and social work
Cyber Crime
US
Everest, Ransomware, Horizon View Medical Center
47
22/08/2024
‘Recently’
‘Recently’
?
Multiple organizations
Researchers at Malwarebytes detect a new malware campaign targeting a number of online stores running Magento, a popular e-commerce platform.
Malicious Script Injection
Wholesale and retail
Cyber Crime
>1
Malwarebytes, Magento
48
22/08/2024
‘Recently’
‘Recently’
?
Multiple organizations
Researchers at Sucuri discover a campaign exploiting WordPress websites to distribute the ClearFake Malware.
Malware
Multiple Industries
Cyber Crime
>1
Sucuri, WordPress, ClearFake
49
22/08/2024
–
–
?
Individuals
Scammers attempt to make money from the funeral of one of the victims of the Southport knife attacks.
Scam
Individual
Cyber Crime
GB
Southport knife attacks
50
22/08/2024
06/07/2024
16/08/2024
?
Pidgin users
The Pidgin messaging app removes the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware (including DarkGate) commonly used to gain initial access to corporate networks.
Malware
Individual
Cyber Crime
>1
Pidgin, ScreenShareOTR, DarkGate
51
22/08/2024
‘Recently’
‘Recently’
?
VPN Users
Researchers at Cyble uncover a sophisticated phishing campaign leveraging the “Cheana Stealer” malware, distributed via a fake WarpVPN phishing site, and targeting users across various operating systems, including Windows, Linux, and macOS.
Fur Affinity, a popular social networking website for the furry community, is compromised, after threat actors successfully gained control of the website’s domain, redirecting users to phishing sites, crypto scams and other malicious content.
DNS Hijacking
Arts entertainment, recreation
Cyber Crime
US
Fur Affinity
53
22/08/2024
24/10/2023
29/10/2023
?
Medical Center Barbour
Medical Center Barbour, a small rural Alabama hospital, notifies more than 61,000 patients that their sensitive information was potentially compromised in an October 2023 hacking incident.
Unknown
Human health and social work
Cyber Crime
US
Medical Center Barbour
54
22/08/2024
–
13/05/2024
?
City of St. Helena
The city of St. Helena notifies 975 people that a May data breach exposed their personal information.
Unknown
Public admin and defence, social security
Cyber Crime
US
City of St. Helena
55
23/08/2024
–
–
?
U.S. government organizations
Researchers at ANY.RUN identify a new campaign using the Tycoon 2FA phishing kit, targeting US government organizations with fake Microsoft pages.
Account Takeover
Public admin and defence, social security
Cyber Crime
US
ANY.RUN, Tycoon 2FA, Microsoft
56
23/08/2024
Since early 2024
End of 2023
Cthulhu (a.k.a. Balaclavv)
Multiple organizations
Researchers at Cado Security uncover a new information stealer, dubbed Cthulhu Stealer, designed to target Apple macOS hosts and harvest a wide range of information.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2024-39717, a Versa Director dangerous file type upload vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2024-39717 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2024-39717, Versa Director, Dangerous File Type Upload Vulnerability, Known Exploited Vulnerabilities, KEV
58
23/08/2024
‘Over the last few months’
‘Over the last few months’
?
Individuals
Researchers at Malwarebytes discover scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details.
Scam
Individual
Cyber Crime
>1
Malwarebytes, Facebook, funeral, scam
59
23/08/2024
–
–
APT42, a.k.a. Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda
Individuals in Israel, Palestine, Iran, the U.K., and the U.S, including some associated with administrations of President Biden and former President Trump
Researchers at Meta expose the activities of APT42, an Iranian state-sponsored threat actor, who used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S, including some associated with administrations of President Biden and former President Trump.
Account Takeover
Individual
Cyber Espionage
GB
IL
IR
PS
US
APT42, Charming Kitten, Damselfly, Mint Sandstorm, Phosphorus, TA453, Yellow Garuda, Iran, President Biden, President Trump
60
23/08/2024
–
–
Bling Libra (a.k.a. ShinyHunters)
Undisclosed organization
Researchers at Palo Alto Networks reveal that the Bling Libra group is now embracing extortion-based attacks as it continues to target cloud environments with legitimate credentials.
Misconfiguration
Unknown
Cyber Crime
Unknown
Palo Alto Networks, Bling Libra, ShinyHunters
61
23/08/2024
‘Recently’
‘Recently’
?
Organizations in South Korea
Researchers at AhnLab discover an ongoing campaign targeting South Korean users that leverages spear-phishing and vulnerable Microsoft Exchange servers to deliver reverse shells, backdoors (including one named noMu), and VNC malware, giving the attackers control of infected machines and access to credentials stored in web browsers.
Malware
Multiple Industries
Cyber Crime
KR
AhnLab, Microsoft Exchange, VNC, noMu
62
23/08/2024
During 2024
During 2024
FAMOUS CHOLLIMA
More than 100 unique companies over the past year, most of which are located in the U.S., Saudi Arabia, France, the Philippines, and Ukraine in the aerospace, defense, retail and technology space
Researchers at Crowdstrike expose how the North Korea-nexus adversary FAMOUS CHOLLIMA uses falsified and stolen identity documents to obtain employment as remote IT personnel, exfiltrate data and conduct espionage undetected.
Insider threat
Multiple Industries
Cyber Crime
Cyber Espionage
FR
PH
SA
UA
US
Crowdstrike, North Korea, FAMOUS CHOLLIMA
63
23/08/2024
29/05/2023
30/07/2024
Cl0p
Texas Dow Employees Credit Union
Texas Dow Employees Credit Union (TDECU) notifies over 500,000 individuals that their personal information was compromised in the MOVEit campaign last year.
Researchers at Cyfirma discover a new malware dubbed “Angry Stealer” that steals personal data from unsuspecting users and is a rebranded version of the infamous “Rage Stealer.”
Malware
Multiple Industries
Cyber Crime
>1
Cyfirma, Angry Stealer, Rage Stealer
65
24/08/2024
24/08/2024
24/08/2024
?
Seattle-Tacoma International Airport
The Seattle-Tacoma International Airport confirms that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.
Unknown
Transportation and storage
Cyber Crime
US
Seattle-Tacoma International Airport
66
26/08/2024
–
–
?
Individuals in the U.S.
Researchers at Malwarebytes discover a Microsoft support scam delivered via Google ads.
Scam
Individual
Cyber Crime
US
Malwarebytes, Microsoft support, Google ad
67
26/08/2024
–
–
?
Individuals in the U.S.
Researchers at Malwarebytes discover an additional Microsoft support scam delivered via Google ads and abusing the Microsoft search feature.
Scam
Individual
Cyber Crime
US
Malwarebytes, Microsoft support, Google ad
68
26/08/2024
‘In recent months’
‘In recent months’
?
Drivers in Illinois, Florida, North Carolina and Washington
Researchers at Symantec warn of text scams that send drivers fake bills for highway tolls.
Scam
Individual
Cyber Crime
US
Symantec, Illinois, Florida, North Carolina, Washington
69
26/08/2024
–
–
?
Undisclosed organization(s)
Google reveals that it patched CVE-2024-7965, the tenth zero-day exploited in the wild in 2024, a vulnerability in Google Chrome’s V8 JavaScript engine.
CVE-2024-7965 Vulnerability
Unknown
Unknown
Unknown
Google, CVE-2024-7965, Chrome, V8 JavaScript
70
26/08/2024
–
–
?
Multiple organizations
Researchers at SlashNext reveal that threat actors are using Unicode QR codes, QR codes drawn with Unicode block characters instead of an image so that image-based scanners miss them, in a new wave of phishing attacks.
Account Takeover
Multiple Industries
Cyber Crime
>1
SlashNext, Unicode QR phishing
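Because a text-drawn QR code is not an image, a mail gateway has nothing to decode; what it can do instead is notice a dense rectangular block of Block Elements characters (U+2580 to U+259F, the █ ▀ ▄ family) and spaces. The detector below is an added example, not SlashNext's detection logic: it finds runs of consecutive lines made only of block characters and whitespace and reports any run large enough to hold a version-1 QR code (21 modules wide, 11 lines when drawn with half blocks). SAMPLE_MESSAGE is a constructed lure whose grid is a deterministic pattern, not a real QR code.

```python
"""Spot QR codes drawn with Unicode block characters in message text (added example)."""

# U+2580..U+259F is the Block Elements range (█ ▀ ▄ ░ ▒ ▓ and friends).
BLOCK_ELEMENTS = {chr(cp) for cp in range(0x2580, 0x25A0)}
# Characters a text-drawn QR uses for its white modules.
FILLERS = {" ", "\t", "\u00a0", "\u2002", "\u2003", "\u3000"}

# Constructed message; the grid is a rotated pattern, not a real QR code.
_PATTERN = "█▀▄ ▄▀█  ▀▄█ █▄▀ ▀▀▄▄██  ▄"
_GRID = "\n".join(_PATTERN[i:] + _PATTERN[:i] for i in range(12))
SAMPLE_MESSAGE = (
    "Subject: Your parcel could not be delivered\n"
    "\n"
    "Scan the code below to reschedule delivery:\n"
    "\n"
    f"{_GRID}\n"
    "\n"
    "████ Thank you ████\n"
    "Parcel Service\n"
)


def _is_grid_line(line, min_width):
    """A grid line is wide enough and contains only block characters and fillers."""
    s = line.rstrip()
    if len(s) < min_width:
        return False
    blocks = sum(ch in BLOCK_ELEMENTS for ch in s)
    foreign = sum(ch not in BLOCK_ELEMENTS and ch not in FILLERS for ch in s)
    return blocks > 0 and foreign == 0


def find_unicode_qr(text, min_width=21, min_lines=10):
    """Return runs of consecutive block-element lines big enough to be a QR code.

    A version-1 QR code is 21 modules wide; drawn with half blocks (▀ ▄ █) it
    needs 11 lines, drawn with full blocks it needs 21, hence the defaults.
    """
    lines = text.splitlines()
    found, run, start = [], [], 0
    for n, line in enumerate(lines + [""], 1):   # sentinel flushes the last run
        if _is_grid_line(line, min_width):
            if not run:
                start = n
            run.append(line.rstrip())
            continue
        if len(run) >= min_lines:
            found.append({"start_line": start, "end_line": n - 1,
                          "height": len(run), "width": max(map(len, run))})
        run = []
    return found


def is_suspicious(text):
    """True when the text contains at least one QR-sized block-character grid."""
    return bool(find_unicode_qr(text))


if __name__ == "__main__":
    for hit in find_unicode_qr(SAMPLE_MESSAGE):
        print(f"text-drawn QR candidate at lines {hit['start_line']}-{hit['end_line']} "
              f"({hit['width']}x{hit['height']})")
```

Short decorative runs of block characters (a banner line, a progress bar) stay below the width and height thresholds, which is what keeps the false-positive rate tolerable; a hit should route the message to a stage that renders the text to an image and runs a normal QR decoder on it.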
71
26/08/2024
–
–
APT-Q-12
Organizations across China, North Korea, Japan, South Korea, and other East Asian countries.
Researchers at QiAnXin disclose the details of a sophisticated cyber espionage campaign dubbed “Operation DevilTiger,” orchestrated by the APT-Q-12 group, also known as “Pseudo Hunter.”
Park’N Fly warns that a data breach exposed the personal and account information of 1 million customers in Canada after threat actors breached its network.
Account Takeover
Transportation and storage
Cyber Crime
CA
Park’N Fly
73
26/08/2024
10/04/2024
13/04/2024
BlackSuit
Young Consulting (now Connexure)
Young Consulting sends data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024.
Ransomware
Professional, scientific and technical
Cyber Crime
US
Young Consulting, Connexure, BlackSuit, ransomware
74
27/08/2024
‘Recently’
‘Recently’
Razr
Multiple organizations
Researchers at ANY.RUN uncover a ransomware campaign where attackers are exploiting the PythonAnywhere cloud platform to host and distribute the Razr ransomware.
Ransomware
Multiple Industries
Cyber Crime
>1
ANY.RUN, PythonAnywhere, Razr, Ransomware
75
27/08/2024
–
–
Multiple threat actors
Undisclosed organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2024-38856, a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2024-38856 Vulnerability
Unknown
Unknown
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2024-38856, Apache OFBiz, Known Exploited Vulnerabilities, KEV
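Several entries on this page record CISA adding a CVE to the KEV catalog (CVE-2024-23897, CVE-2021-33044, CVE-2021-33045, CVE-2022-0185, CVE-2021-31196, CVE-2024-39717, CVE-2024-38856). The practical use of those entries is to diff the catalog against what is actually deployed, since each KEV entry carries a remediation due date. The script below is an added example, not CISA tooling: it indexes a feed in the shape of CISA's published JSON (the real file is https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, not fetched here), matches it against an asset inventory, and reports hits earliest due date first. SAMPLE_KEV_JSON and SAMPLE_INVENTORY are constructed; the CVE ids are from this page, the dates are illustrative.

```python
"""Match an asset inventory against a CISA KEV-style JSON feed (added example)."""
import json

# Constructed sample in the shape of the KEV feed (catalogVersion, vulnerabilities[]);
# the CVEs are the ones listed on this page, the dates are illustrative.
SAMPLE_KEV_JSON = json.dumps({
    "catalogVersion": "2024.08.27",
    "vulnerabilities": [
        {"cveID": "CVE-2024-23897", "vendorProject": "Jenkins",
         "product": "Jenkins Command Line Interface (CLI)",
         "dateAdded": "2024-08-19", "dueDate": "2024-09-09",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-33044", "vendorProject": "Dahua",
         "product": "IP Camera Firmware",
         "dateAdded": "2024-08-21", "dueDate": "2024-09-11",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-0185", "vendorProject": "Linux",
         "product": "Kernel",
         "dateAdded": "2024-08-21", "dueDate": "2024-09-11",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-38856", "vendorProject": "Apache",
         "product": "OFBiz",
         "dateAdded": "2024-08-27", "dueDate": "2024-09-17",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: host -> CVEs a scanner reported for it.
SAMPLE_INVENTORY = [
    {"host": "ci-01",  "cves": ["CVE-2024-23897", "CVE-2024-7593"]},
    {"host": "cam-07", "cves": ["CVE-2021-33044"]},
    {"host": "web-03", "cves": ["CVE-2024-38856"]},
]


def load_kev(feed_text):
    """Index a KEV feed by CVE id."""
    feed = json.loads(feed_text)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def match_inventory(kev, inventory, today):
    """Return KEV hits per host, earliest remediation due date first.

    `today` is an ISO date string; ISO dates compare correctly as strings.
    """
    hits = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue            # vulnerable, but not (yet) in the catalog
            hits.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"],
                "overdue": today > entry["dueDate"],
                "ransomware_use": entry["knownRansomwareCampaignUse"],
            })
    hits.sort(key=lambda h: (h["due"], h["host"]))
    return hits


if __name__ == "__main__":
    for h in match_inventory(load_kev(SAMPLE_KEV_JSON), SAMPLE_INVENTORY, "2024-09-10"):
        flag = "OVERDUE" if h["overdue"] else "due " + h["due"]
        print(f"{h['host']}: {h['cve']} ({h['product']}) {flag}")
```

The "not in the catalog" branch is deliberate: a CVE such as CVE-2024-7593 (the Ivanti vTM bug whose public PoC was being tried, earlier on this page) is still worth patching even before CISA lists it; KEV membership is a prioritisation signal, not a completeness guarantee.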
76
27/08/2024
During July 2024
During July 2024
?
Multiple organizations
Researchers at Netskope discover a campaign exploiting Microsoft Sway to target Microsoft 365 users.
Account Takeover
Multiple Industries
Cyber Crime
>1
Microsoft Sway
77
27/08/2024
Since 26/06/2024
–
?
Over 130 US organizations in various industry verticals
Researchers at Guidepoint discover a sophisticated phishing campaign using support-scam lures and fake VPN login pages.
Account Takeover
Multiple Industries
Cyber Crime
US
Guidepoint, VPN
78
27/08/2024
Since at least June 2024
During June 2024
?
Users of Chinese instant messaging apps like DingTalk and WeChat
Researchers at Kaspersky discover a campaign targeting users of Chinese instant messaging apps like DingTalk and WeChat with an Apple macOS version of a backdoor named HZ RAT.
Malware
Individual
Cyber Crime
CN
DingTalk, WeChat, Kaspersky, Apple macOS, HZ RAT
79
27/08/2024
During the Summer
During the Summer
?
Canvey Island Infant School
Canvey Island Infant School says its IT system has been compromised after being hit by a cyber attack during the summer holiday.
Unknown
Education
Cyber Crime
GB
Canvey Island Infant School
80
28/08/2024
From mid-June to the end of July, 2024
From mid-June to the end of July, 2024
?
Multiple organizations
Researchers at Trend Micro reveal that threat actors are actively exploiting CVE-2023-22527, a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances.
CVE-2023-22527 Vulnerability
Multiple Industries
Cyber Crime
>1
Trend Micro, CVE-2023-22527, Atlassian Confluence Data Center, Atlassian Confluence Server
81
28/08/2024
–
–
APT-C-60
Multiple organizations in East Asian countries
Researchers at ESET reveal a new cyber-espionage campaign linked to the South Korean APT-C-60, in which a novel remote code execution (RCE) vulnerability in WPS Office for Windows (CVE-2024-7262) is exploited to deploy the custom backdoor SpyGlace.
CVE-2024-7262 Vulnerability
Multiple Industries
Cyber Espionage
>1
ESET, South Korea, APT-C-60, RCE, WPS Office for Windows, CVE-2024-7262, SpyGlace
82
28/08/2024
Between April and July 2024
Between April and July 2024
APT33 (a.k.a. Peach Sandstorm and Refined Kitten)
Multiple organizations
Researchers at Microsoft expose an operation by the APT33 Iranian hacking group, using a new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates.
Researchers at Cisco Talos observe the BlackByte ransomware group employing new techniques in addition to those previously noted, including exploitation of the VMware ESXi vulnerability CVE-2024-37085, leading the researchers to believe that the operation has been considerably more active than previously assumed.
Pioneer Kitten (a.k.a. Fox Kitten, UNC757, and Parisite)
Defense, education, finance, and healthcare organizations across the United States, Azerbaijan, and Israel
CISA, the FBI, and the Defense Department’s Cyber Crime Center warn that the Iran-based group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations, including NoEscape, Ransomhouse, and ALPHV a.k.a. BlackCat, to extort the victims.
Ransomware
Multiple Industries
Cyber Crime
AZ
IL
US
Pioneer Kitten, Fox Kitten, UNC757, Parisite, CISA, FBI, Defense Department’s Cyber Crime Center, Iran, NoEscape, Ransomhouse, ALPHV, BlackCat, ransomware
85
28/08/2024
–
–
?
Individuals in the U.S.
Researchers from Hyas discover a phishing campaign targeting U.S. donors with fake donation sites.
Scam
Individual
Cyber Crime
US
Hyas, U.S. elections
86
28/08/2024
‘In recent months’
‘In recent months’
?
Multiple organizations
Researchers at Ontinue discover a new variant of the LummaC2 infostealer that uses obfuscated PowerShell.
Malware
Multiple Industries
Cyber Crime
>1
Ontinue, LummaC2, PowerShell
87
28/08/2024
Since December 2023
18/03/2024
?
Multiple organizations
Researchers at Akamai discover a botnet campaign that abuses several previously exploited vulnerabilities, as well as CVE-2024-7029, a zero-day vulnerability in the AVM1203 surveillance device from Taiwan-based manufacturer AVTECH, to install the Corona Mirai botnet variant.
Researchers at BlueVoyant uncover a focused campaign against the advanced manufacturing sector that spoofs Microsoft’s login page to steal Microsoft credentials and other potentially sensitive information.
Account Takeover
Manufacturing
Cyber Crime
>1
BlueVoyant, Microsoft
89
28/08/2024
‘Recently’
‘Recently’
?
Multiple organizations
Researchers at Fortinet discover a campaign delivering a new variant of the Snake Keylogger (a.k.a. “404 Keylogger” or “KrakenKeylogger”).
Researchers at ThreatFabric discover a new Android malware dubbed Rocinante (a.k.a. “Pegasus” or “PegasusSpy”) targeting several banking institutions in Brazil.
Non-profit organization supporting Vietnamese human rights
Researchers at Huntress reveal that a non-profit supporting Vietnamese human rights has been the target of a multi-year campaign, carried out by the Vietnamese threat actor APT32, designed to deliver a variety of malware to compromised hosts.
Banham Poultry, based in Attleborough, says criminals remotely accessed its system in the early hours of 18 August and stole the personal details of its staff.
Unknown
Accommodation and food service
Cyber Crime
GB
Banham Poultry
93
29/08/2024
05/08/2024
05/08/2024
?
Multiple organizations
Researchers at Proofpoint discover a new malware campaign spreading a previously undocumented backdoor named “Voldemort” to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia.
Malware
Multiple Industries
Cyber Crime
DE
FR
IN
IT
JP
UK
US
Proofpoint, Voldemort
94
29/08/2024
12/08/2024
12/08/2024
Threat actors with ties to North Korea (Moonstone Sleet)
Developers using npm
Researchers at Phylum reveal that threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry as part of a campaign dubbed “Contagious Interview”, which targets developers to infect them with malware and steal cryptocurrency assets.
Malware
Fintech
Cyber Crime
>1
Phylum, North Korea, npm, Threat actors, Moonstone Sleet, Contagious Interview
95
29/08/2024
–
–
?
Organizations in Middle East
Researchers at Trend Micro discover a campaign targeting Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, Palo Alto GlobalProtect, PowerShell
96
29/08/2024
–
–
?
Chinese-speaking users
Researchers at Securonix uncover SLOW#TEMPEST, a campaign targeting Chinese-speaking users with Cobalt Strike payloads.
Malware
Multiple Industries
Cyber Crime
CN
Securonix, SLOW#TEMPEST, Cobalt Strike
97
29/08/2024
Since August 2023
Since August 2023
?
Roblox developers
Researchers at Checkmarx uncover a persistent malware campaign targeting Roblox developers through malicious NPM packages.
Malware
Arts entertainment, recreation
Cyber Crime
>1
Checkmarx, Roblox, NPM
98
29/08/2024
Between November 2023 and July 2024
Between November 2023 and July 2024
APT29 a.k.a. Midnight Blizzard, BlueBravo
Websites run by the Mongolian government
Researchers at Google uncover an espionage campaign against websites run by the Mongolian government, attributing the operation to the Russia-backed threat group APT29, which used exploits previously deployed by the commercial surveillance vendors Intellexa and NSO Group.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
MN
APT29, Midnight Blizzard, BlueBravo, Google, Intellexa, NSO Group
99
29/08/2024
02/06/2024
21/06/2024
?
CBIZ Benefits & Insurance Services
CBIZ Benefits & Insurance Services (CBIZ) discloses a data breach involving unauthorized access to client information stored in specific databases.
Vulnerability
Administration and support service
Cyber Crime
US
CBIZ Benefits & Insurance Services
100
29/08/2024
During 2024
During 2024
?
Individuals in multiple countries, including Canada, Mexico, France, Italy, Turkey, Czechia, Singapore, Kazakhstan and Uzbekistan.
Researchers at Palo Alto Networks discover dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials.
Scam
Individual
Cyber Crime
CA
CZ
FR
IT
KZ
MX
SG
UZ
>1
Palo Alto Networks
101
29/08/2024
12/05/2024
27/08/2024
?
Fota Wildlife Park
People who purchased tickets to visit Fota Wildlife Park in Cork, Ireland, are warned to cancel their bank cards following the discovery of a cyberattack that may have exposed the data on those cards.
Unknown
Arts entertainment, recreation
Cyber Crime
IE
Fota Wildlife Park
102
29/08/2024
–
–
?
NHS
Several NHS staff in Scotland have had their mobile phone numbers revealed in a cyber security incident involving a third-party supplier to several health boards.
Unknown
Human health and social work
Cyber Crime
GB
NHS
103
30/08/2024
–
–
?
Multiple organizations
Researchers at Trend Micro observe a new way of weaponizing CVE-2023-22527, a vulnerability in Atlassian Confluence Data Center and Server, to deploy the Godzilla backdoor.
CVE-2023-22527 Vulnerability
Multiple Industries
Cyber Crime
>1
Trend Micro, CVE-2023-22527, Atlassian Confluence Data Center, Atlassian Confluence Server, Godzilla
104
30/08/2024
25/06/2024
25/06/2024
Cicada3301
Multiple organizations
Researchers from Truesec reveal the details of Cicada3301, a new ransomware-as-a-service operation.
Researchers at Microsoft reveal that the North Korea-linked group Citrine Sleet has exploited the recently patched Google Chrome zero-day CVE-2024-7971 to deploy the FudModule rootkit.
CVE-2024-7971 Vulnerability
Fintech
Cyber Crime
>1
Microsoft, North Korea, Citrine Sleet, AppleJeus, Labyrinth Chollima, UNC4736, Hidden Cobra, Google Chrome, CVE-2024-7971, FudModule
106
30/08/2024
Since early July 2023
Early July 2023
RomCom a.k.a. Storm-0978
Multiple organizations
Researchers at Fortinet reveal the details of a new ransomware variant dubbed Underground, linked to the Russia-based RomCom group (a.k.a. Storm-0978) and exploiting CVE-2023-36884, the Microsoft Office and Windows HTML RCE vulnerability.
Ransomware
Multiple Industries
Cyber Crime
>1
RomCom, Storm-0978, Fortinet, ransomware, Underground, CVE-2023-36884, Microsoft Office and Windows HTML RCE
107
30/08/2024
–
–
?
Australian Cancer Research Foundation
The Australian Cancer Research Foundation (ACRF) sent an email to its donors late on Friday afternoon, 30 August, warning them of a “data security incident”.
Business Email Compromise
Human health and social work
Cyber Crime
AU
Australian Cancer Research Foundation
108
31/08/2024
Since at least 28/08/2024
28/08/2024
?
Multiple organizations
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.