Researchers found new activity conducted by "TeamTNT" dating back to 2023, even though the group was believed to have disappeared in 2022. TeamTNT carried out numerous cryptojacking attacks, using victims' Information Technology (IT) resources to mine cryptocurrency illegally. According to Group-IB, the threat actor emerged in 2019 with its "homebrewed" malware involving an advanced toolkit of shell scripts and malicious binaries. The group's cryptojacking campaigns would target vulnerable public instances of "Redis," "Kubernetes" and "Docker" to steal credentials and install backdoors.

Fake human verification pages are tricking Windows users into installing malware. Palo Alto Networks' Unit 42 found seven fake CAPTCHA-style human verification pages in late August 2024. After clicking a button on these pages, victims are instructed to paste a PowerShell script into a Run window. According to Unit 42 threat hunter Paul Michaud II, this copy/paste PowerShell script retrieves and runs a Windows EXE for the "Lumma Stealer" malware. This article continues to discuss findings regarding malware delivery through fake human verification pages.

A new phishing campaign is using GitHub repositories to spread the "Lumma Stealer" password-stealing malware to those who frequent or receive email notifications from an open source project repository. It involves a malicious GitHub user opening a new "issue" on an open source repository, claiming that the project has a "security vulnerability," and encouraging others to visit a counterfeit "GitHub Scanner" domain. The domain is actually not associated with GitHub and lures users into installing Windows malware.

According to SpyCloud's "2024 Malware and Ransomware Defense Report," ransomware attacks often use data stolen through previous infostealer infections, emphasizing the need to remediate all malware infections thoroughly. Based on a survey of over 500 security professionals, almost a third of ransomware attacks were preceded by an infostealer attack in the past three months. In addition to credentials, infostealer malware can steal session cookies to sidestep Multi-Factor Authentication (MFA) and hijack accounts.

Researchers at the University of Missouri are developing a Virtual Reality (VR) platform named "USucceed" to help teach cybersecurity to people with autism, dyslexia, attention deficit disorders, and other neurodevelopmental differences. Noah Glaser, an assistant professor and director of the Information Experience Laboratory in Mizzou's College of Education and Human Development, explained that the platform serves two critical functions, the first of which aims to meet the growing demand for a skilled cybersecurity workforce.

Cybersecurity researchers at the Georgia Institute of Technology (Georgia Tech) seek to identify "abnormal" and "illogical" control system commands suggesting the presence of insider threats or malicious attackers. They are doing so by gaining further insight into what are considered "normal" operations within electric power systems. Understanding normal operations and detecting suspicious activities will rely on using Artificial Intelligence (AI) to understand what the complex grid systems usually do and to identify actions that logically should not happen.

Researchers at North Carolina State University are conducting a project to raise awareness among young students about the safety risks that come with being online, as well as prepare elementary school teachers to teach cybersecurity topics. The project, funded by a National Science Foundation (NSF) DRK-12 grant and conducted in collaboration with the University of Delaware, will develop and test a professional development program that will support teachers in integrating cybersecurity lessons into fourth and fifth-grade math and science instruction.

Researchers at watchTowr showed the ability to seize part of the Internet's infrastructure for just $20, bringing attention to the fragility of the trust and cybersecurity mechanisms that organizations and users depend on. While looking for Remote Code Execution (RCE) vulnerabilities in WHOIS clients, the researchers found that the WHOIS server for the .mobi Top Level Domain (TLD) (for mobile-optimized sites) had migrated years ago from "whois.dotmobiregistry.net" to "whois.nic.mobi".

Apple has patched its Vision Pro Mixed Reality (MR) headset after researchers showed that an attacker could track a user's eyes to infer what they are typing. Vision Pro users can type by using a virtual keyboard and looking at each of the keys they want to press. "GAZEploit," an attack method shown by a team of researchers from the University of Florida and Texas Tech University, can be used to guess what a Vision Pro user is typing by tracking their avatar's eye movement. This article continues to discuss Apple's patching of Vision Pro following researchers' GAZEploit demonstration.