Threat actors have leveraged web hard drives disguised as adult-themed games to facilitate the distribution of the Remcos RAT surveillance tool across South Korea, The Hacker News reports.
BleepingComputer reports that information-stealing malware targeting macOS systems, including KeySteal, Atomic Stealer, and CherryPie, has been updated by its developers to bypass the continuous updates Apple has added to the built-in XProtect anti-malware system.
“This particular attack is using unpatched vulnerabilities first announced (and patched) three to seven years ago. They are still unpatched and still being exploited,” researchers said.
Several updates have been introduced to the Atomic Stealer macOS information-stealing malware, also known as AMOS, including the integration of payload encryption to better evade security software detection, The Hacker News reports.
BleepingComputer reports that more than 6,700 WordPress sites using a Popup Builder plugin vulnerable to the cross-site scripting bug tracked as CVE-2023-6000 have been compromised in a new Balada Injector campaign that commenced last month.
SecurityWeek reports that more details regarding the Stuxnet malware, which is thought to have been co-developed by the U.S. and Israel in 2010 to target Iran's nuclear infrastructure-related industrial control systems, have emerged following a two-year probe by De Volkskrant, a Dutch newspaper.
Apache's open-source software utility collection Hadoop and its open-source, unified stream- and batch-processing framework Flink are being targeted in new malware attacks that use packers and rootkits to evade detection, SiliconAngle reports.