"3 Men Plead Guilty to Running Service That Bypasses MFA"

Three men pleaded guilty in a British court to running an online criminal service called "OTPAgency," advertised to evade Multi-Factor Authentication (MFA) defenses for banks such as HSBC, Lloyds, and Monzo. They were the administrators of OTPAgency, a subscription-based service that helps fraudsters socially engineer targets, obtain One-Time Passcodes (OTPs), drain victims' bank accounts, and more. The service targeted the information of over 12,500 people. This article continues to discuss the automated service that helped subscribers trick victims into sharing OTPs.

Submitted by grigby1 CPVI on

"DHS Seeks Maritime Port Infrastructure Information from US Port Community"

The US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has made a Request for Information (RFI) from commercial port operators in order to advance the Directorate's Maritime Port Resiliency and Security Research Testbed project. This project explores vulnerabilities in US ports as well as the effectiveness of current protections and mitigations. S&T will use the information it receives to make actionable cybersecurity recommendations for the maritime port industry.

Submitted by grigby1 CPVI on

"Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions"

A new report by the Atlantic Council's Cyber Statecraft Initiative and researchers at American University highlights that spyware vendors can evade sanctions partly because of a complex network of interrelated entities and different jurisdictions. Hack-for-hire services and spyware tools have come under fire in recent months as many countries use them to bolster their legal response to human rights and security violations. This article continues to discuss the spyware landscape and the Atlantic Council's anti-spyware policy recommendations.

Submitted by grigby1 CPVI on

"Chinese 'Tropic Trooper' APT Targets Mideast Governments"

"Tropic Trooper," a China-linked Advanced Persistent Threat (APT) group, is conducting an espionage campaign targeting government entities in the Middle East. The group itself has targeted government, healthcare, transportation, and high-tech sectors in Taiwan, the Philippines, and Hong Kong since 2011. Their current effort began in June 2023, targeting government entities that publish human rights studies in the Middle East related to the Israel-Hamas war.

Submitted by grigby1 CPVI on

"New Backdoor Linked to Earth Lusca Threat Group"

Researchers have discovered a new Go language-based backdoor called "KTLVdoor" that targets Windows and Linux systems and is linked to the Chinese-speaking threat actor named "Earth Lusca." Earth Lusca has been active since at least April 2019, targeting organizations in different industries worldwide. The group has used KTLVdoor to run commands, manipulate files, scan remote ports, and more. This article continues to discuss findings regarding KTLVdoor and its link to the Earth Lusca group.

Submitted by grigby1 CPVI on

"SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images"

"SpyAgent," a new Android malware, steals cryptocurrency wallet recovery phrases from screenshots on a mobile device using Optical Character Recognition (OCR) technology. Cryptocurrency recovery phrases, or seed phrases, serve as a cryptocurrency wallet backup key. These phrases restore access to a user's cryptocurrency wallet and its funds if the user loses a device, has corrupted data, or wants to transfer the wallet to a new device. Threat actors can use a stolen phrase to restore a victim's wallet on their own devices and steal all the funds stored within it.

Submitted by grigby1 CPVI on

"GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware"

Multiple campaigns have exploited a recently disclosed OSGeo GeoServer GeoTools security flaw to deliver cryptocurrency miners, botnet malware, and a backdoor. The critical Remote Code Execution (RCE) bug enables malicious actors to take over vulnerable instances. Due to its active exploitation, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog in mid-July. This article continues to discuss the exploitation of a security vulnerability in OSGeo GeoServer GeoTools.

Submitted by grigby1 CPVI on

IEEE/ACM International Symposium on Microarchitecture (MICRO)

"The IEEE/ACM International Symposium on Microarchitecture (MICRO) is the premier forum for presenting, discussing, and debating innovative microarchitecture ideas and techniques for advanced computing and communication systems. This symposium brings together researchers in fields related to microarchitecture, compilers, chips, and systems for technical exchange on traditional microarchitecture topics and emerging research areas."

Topics of interest include, but are not limited to, privacy and security.

 
