The attackers gained initial access by abusing the scriptText endpoint of the Jenkins server, achieving remote code execution (RCE) through a Groovy script.
More sophisticated EtherRAT malware variant delivered via trojanized installer
Threat actors have leveraged a malicious copy of the popular Windows TFTP server and admin tool, Tftpd64, to compromise IT administrators and network professionals with an updated iteration of the EtherRAT malware as part of a new hybrid attack campaign that combines system compromise with cryptocurrency theft, according to Cyber Security News.
Infosecurity Magazine reports that Windows systems are being stealthily targeted for protracted surveillance and credential exfiltration with the new Python-based Deep#Door backdoor framework.
Cybersecurity researcher Jeremiah Fowler discovered the data, which included intimate chat logs from apps like WhatsApp, Facebook, TikTok, and Instagram.
The North Korean hacking collective Lazarus Group has targeted the macOS environments of high-level individuals in fintech and cryptocurrency, including executives and developers, with the new Mach-O Man malware kit in a new ClickFix campaign, reports GBHackers News.
Brazilian threat group LofyGang has resurfaced to compromise Minecraft players with the novel LofyStealer malware, also known as GrabBot, more than three years after its last attack campaign, The Hacker News reports.