The US cybersecurity agency CISA recently warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks.  The bug is tracked as CVE-2024-28986 (CVSS score of 9.8) and is described as a Java deserialization remote code execution (RCE) issue that could allow attackers to run commands on the host machine.  This week, SolarWinds announced a hotfix addressing the vulnerability and noted that authentication is required for successful exploitation without mentioning its in-the-wild exploitation.

Researchers have discovered a sophisticated information stealer campaign that distributes "DanaBot" and "StealC" malware by impersonating legitimate brands. Russian-speaking cybercriminals, collectively codenamed "Tusk," are behind several sub-campaigns that exploit different platforms' reputation to trick users into downloading malware via fake websites and social media accounts. All of the sub-campaigns use Dropbox to host the initial downloader, which delivers additional malware samples to the victim's machine.

Palo Alto Networks found a threat actor extorting organizations after compromising their cloud environments using accidentally exposed environment variables. The researchers warn that the large-scale extortion campaign has targeted 110,000 domains using exposed .env files with sensitive data on unsecured web applications and misconfigured servers. These files enable organizations to define configuration variables for their web applications, often including hard-coded access keys for cloud services, Software-as-a-Service (SaaS) Application Programming Interface (API) keys, and more.

According to Radware, Distributed Denial-of-Service (DDoS) attacks increased by 265 percent in the first half of 2024 compared to the same period in 2023. From H2 2023 to H1 2024, application-layer Domain Name System (DNS) DDoS activity tripled, while locked network-layer DDoS attacks increased by 16 percent. The researchers cited rising global geopolitical tensions as a significant driver of this trend, with hacktivist groups claiming between 1,000 and 1,200 DDoS attacks monthly in the first half of 2024. This article continues to discuss key findings from Radware's DDoS threat review.

Cybercriminals are advertising a new macOS malware that they claim is capable of stealing a wide range of data from compromised systems.  The malware is called Banshee Stealer and is believed to have been developed by Russian threat actors.  The malware is advertised on cybercrime forums for $3,000 per month.  Researchers at Elastic Security Labs analyzed the new macOS malware.

Independent researcher Matt Burch presented findings on "financial" or "enterprise" ATMs used in banks and other large institutions at the DEF CON hacking conference. Burch highlighted six flaws in ATM-maker Diebold Nixdorf's widely used security solution, Vynamic Security Suite (VSS). The vulnerabilities, which the company says are now patched, could have enabled attackers to bypass an unpatched ATM's hard drive encryption and gain complete control of the machine.