Security researchers at ESET have recently identified a new China-aligned threat group named CeranaKeeper, which is targeting governmental institutions in Thailand.  This group has been active since early 2022 and leverages an evolving toolset to exfiltrate sensitive data by abusing legitimate cloud services such as Dropbox, OneDrive, and GitHub.  While some of CeranaKeeper's tools were previously attributed to the Mustang Panda group, the researchers' new analysis revealed technical differences, suggesting these are distinct entities.

Security researchers at Netcraft have warned of a new wave of investment scams attempting to cash in on public awareness of the presidential debate last month. The researchers found 24 such domains related to the debate, including 14 phishing sites using the word “debate” in their domain. Many of the websites exploit the image of Republican presidential nominee Donald Trump, tech entrepreneur and billionaire Elon Musk, or a blend of both. The researchers noted that criminals likely use these personas to add legitimacy to their crypto investment theme.

Independent security researchers found a flaw in a web portal operated by the carmaker Kia that allowed them to track millions of cars, unlock doors, and start engines. The flaw discovered in the web portal enabled them to reassign control of most modern Kia vehicles' Internet-connected features, from the car owner's smartphone to their own phone or computer.

"Mustang Panda," a Chinese Advanced Persistent Threat (APT) group, is suspected of being behind an ongoing sophisticated cyber espionage campaign. It involves malicious emails, and the use of Visual Studio Code (VS Code) to spread Python-based malware, which gives attackers persistent remote access to infected machines. The Cyble Research and Intelligence Lab (CRIL) discovered the campaign spreading a .lnk file posing as a legitimate setup file to download a Python distribution package. It is actually used to run a malicious Python script.

Researchers at Akamai have found that the Common UNIX Printing System (CUPS) could be abused for large Distributed Denial-of-Service (DDoS) attacks following researcher Simone Margaritelli's warning regarding the system being vulnerable to unauthenticated Remote Code Execution (RCE). CUPS is an open source printing system based on the Internet Printing Protocol (IPP). It is mainly for Linux and UNIX-like operating systems. Margaritelli recently disclosed several unpatched CUPS vulnerabilities that, when chained together, can lead to RCE.

The Australian Cyber Security Centre (ACSC) has released a new guide titled "Principles of Operational Technology Cybersecurity" in collaboration with US Cybersecurity and Infrastructure Security Agency (CISA) and international partners. The guide contains information for organizations looking to secure their Operational Technology (OT) environments in the critical infrastructure sectors. It delves into fundamental principles such as safety, data protection, network segmentation, and others to help organizations manage risks and protect against cyber threats their OT systems face.

According to security researchers at Symantec, despite a recent indictment, the North Korean Stonefly group, also known by aliases such as APT45 and Silent Chollima, has been observed continuing its financially motivated cyberattacks against US organizations.  The researchers noted that the group, linked to North Korea’s Reconnaissance General Bureau, has shifted its focus from espionage to targeting private companies in sectors with little intelligence value.

DrayTek has recently released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10.  DrayTek noted that the flaws impact actively supported and models that have reached end-of-life.  Due to the severity, DrayTek has provided fixes for routers in both categories.  According to Vedere Labs, 785,000 DrayTek routers might be vulnerable to the newly discovered set of flaws, with 704,500 having their web interface exposed to the internet.