InfoSecBulletin Cybersecurity for mankind
Another day, another new round of supply chain attacks launched via malicious Python packages. Researchers observed over 30 new malicious PyPI packages, some of which were designed to credit card details, crypto wallet information, and login credentials. Moving on, a concerning development in BEC attacks has emerged; scammers are adopting a new tactic by impersonating executives and engaging in email thread replies, pressuring employees into making payments for fraudulent invoices. A Golang variant of the Cobalt Strike beacon is also in the headline for its ability to target macOS devices. Read along to know what else happened in the last 24 hours.
01
Fortinet Researchers reported new supply chain attacks launched via malicious Python packages. Some of these packages were designed to steal credit card details, wallet info, and login credentials via a Discord webhook.
02
A brand new type of BEC attack, called ‘VIP Invoice Authorization Fraud,’ impersonates senior executives working in the finance department to trick employees into paying for a fake invoice. To make it look legitimate, fraudsters reply to the email thread and instruct recipients to pay as soon as possible.
03
The U.S. Department of Transportation is investigating a data breach that affected the personal information of 237,000 current and former federal government employees. The breach occurred within the systems supporting the TRANServe program.
04
Kiddowares’ Parental Control-Kids Place app for Android, which has around 5 million downloads on Google Play Store, is impacted by several vulnerabilities that could lead to the risk of arbitrary code execution and credential harvesting attacks.
05
Researchers linked the Chinese Camaro Dragon APT with a new cyberattack campaign targeting European foreign affairs entities. The attack was carried out using a malicious firmware implant for TP-Link routers which allowed attackers to gain full control of devices.
06
A Golang variant of Cobalt Strike beacon, dubbed Geacon, is being widely used to target macOS devices. Researchers have found two cases of Geacon deployment between April 5 and April 11.
07
Threat actors impersonated Suncorp Bank in an attempt to steal users’ login credentials. The recipients were sent emails that included a link to the fake landing page of the bank.
08
Water Orthrus, threat actors behind the CopperStealer malware, resurfaced with two new malware—CopperPhish and CopperStealth—to target users globally. While CopperPhish steals credit card information, CopperStealth uses a rootkit to install malware on infected systems.
09
Critical vulnerabilities found in Teltonika products could expose thousands of industrial organizations to remote attacks. The flaws exist in the company’s RUT241 and RUT955 cellular routers, as well as the Teltonika Remote Management System (RMS).
10
Managed Detection and Response (MDR) platform provider Huntress raised $60 million in a Series C round of funding led by Sapphire Ventures in association with JMI Equity and Forgepoint Capital.
