Attacks leveraging Microsoft Exchange Server vulnerabilities to facilitate keylogger malware deployment have been launched against more than 30 government, financial, education, and IT organizations in Africa and the Middle East since 2021, reports The Hacker News.
Most everyone uses email and critical infrastructure sectors are high-profit industries that deploy legacy technology easy to exploit, so attackers take advantage of the easy access via email to make hefty profits.
SecurityWeek reports that Google has noted that the preventable cyberattack aimed at U.S. government emails that the Cyber Safety Review Board attributed to Microsoft's significant security failings was indicative of the "monoculture" security risks, which should be mitigated by implementing a multi-vendor strategy in addition to the advancement of open standards for interoperability.
Threat actors have been distributing the novel Antidot Android banking trojan as fraudulent Google Play updates to facilitate credential compromise and other malicious actions, SecurityWeek reports.
Cryptojacking operation Kinsing, also known as H2Miner, had its botnet strengthened with the addition of new security vulnerabilities, reports The Hacker News.