The Mandiant Managed Defense team has discovered an increase in malware infections caused by malvertising campaigns that distribute a loader named "FakeBat," also known as "EugenLoader" and "PaykLoader." The researchers consider these attacks "opportunistic," as they are aimed at users looking to download popular business software. The infection involves a trojanized MSIX installer that runs a PowerShell script to download a secondary payload.

New York City-based nonprofit healthcare organization Jewish Home Lifecare has recently revealed that a data breach disclosed earlier this year impacted more than 100,000 individuals.

"Xeon Sender," a cloud-based tool, helps attackers launch large-scale SMS spam and phishing campaigns using legitimate Software-as-a-Service (SaaS) providers. The tool, which is distributed via Telegram and different hacking forums, makes it easier to send bulk SMS messages by using valid Application Programming Interface (API) credentials from Amazon SNS, Twilio, and other popular service providers. This article continues to discuss findings regarding the Xeon Sender tool.

Researchers at Gen Threat Labs have linked the exploitation of one of the zero-days recently patched by Microsoft to North Korea's "Lazarus" Advanced Persistent Threat (APT) group. The vulnerability marked as "actively exploited" by Microsoft enables SYSTEM privileges on the latest Windows operating systems. Gen Threat Labs posted a note connecting the exploitation to Lazarus through the use of the "FudModule" rootkit, previously documented by Avast as part of the Lazarus APT toolkit.

The Oregon Zoo recently notified roughly 118,000 individuals that their names and payment card information were stolen from its online ticketing service.  The incident was identified on June 26, resulting in names, payment card numbers, CVVs, and expiration dates being exfiltrated.  The zoo noted that transactions processed between December 20, 2023, and June 26, 2024, were likely affected.  According to the zoo, threat actors redirected transactions from the third-party vendor that processed online ticketing purchases for Oregon Zoo.

The City of Flint, Michigan, is trying to restore network systems impacted by an August 14 ransomware attack that knocked some of its online services offline.  The city noted that the attack impacted the city’s payment and communication services but did not affect emergency services, including 911, dispatch, law enforcement, and fire operations.  BS&A, the city’s billing system, was disrupted, preventing online or credit card transactions for water, sewer, and tax payments.

According to researchers at Cisco Talos, eight Microsoft apps for macOS are vulnerable to library injection attacks that could enable adversaries to breach sensitive data. Affected Microsoft apps include Microsoft Teams, Outlook, PowerPoint, and Word. Attackers could bypass macOS' permission model using app permissions without the need for additional user verification. Through this, attackers could send emails from the user account, record audio, and more.

National Public Data (NPD) has recently confirmed that it is suffering a data breach following reports of 2.9 billion personal information records being compromised, but the company has recently announced that the incident only affects 1.3 million people in the US.  The information that was suspected of being breached included names, email addresses, phone numbers, social security numbers, and mailing addresses.

Researchers at Graz University of Technology (TU Graz) analyzed smartphones from ten manufacturers, finding that the Android kernels used are vulnerable to "one-day exploits" despite the implementation of protection mechanisms. Only 29 to 55 percent of the 994 smartphones tested by the research team could prevent attacks, depending on manufacturer and model. In contrast, the Generic Kernel Image (GKI) version 6.1 provided by Google could prevent about 85 percent of attacks. In comparison to the GKI, manufacturer kernels were up to 4.6 times worse at defending against attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement (PSA) titled "Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting." It is the latest in their PSA series aimed at putting potential cyber-related election day disruptions during the 2024 election cycle into context for the American people.