Ethical Hacking News
A novel PayPal phishing campaign has hijacked accounts, leaving thousands of users vulnerable to financial exploitation. Meanwhile, the malicious activities of groups like Banshee and Phemedrone have made headlines, with these attackers using various tactics to infect thousands of WordPress sites and steal sensitive data. This article provides a detailed look at the ongoing cybersecurity crisis, highlighting the latest vulnerabilities and threats that individuals and organizations face in today's digital landscape.
New PayPal phishing campaign has hijacked accounts, leaving thousands of users vulnerable to financial exploitation. Banshee, Phemedrone, and Balada Injector groups have been making headlines by infecting thousands of WordPress sites and stealing sensitive data using various tactics. A novel Samsung zero-click flaw has been discovered, while China-linked APT group MirrorFace targets Japan with its sophisticated malware. Security experts warn of mass exploitation of Ivanti Connect Secure VPN flaws and multiple flaws in Fortinet FortiOS devices that leave them exposed to attack. The Phemedrone info stealer campaign exploited Windows smartScreen bypass to target job seekers with cryptominer, highlighting the evolving nature of cyber threats. A vulnerability was found in Bosch BCC100 Thermostat, while SonicWall next-generation firewalls were found to be online exposed to hack. Researchers created PoC exploit code for Apache OFBiz flaw CVE-2023-51467 and Veeam Backup Enterprise Manager flaw CVE-2024-29849.
In recent months, a surge in high-profile cyber attacks has left governments, corporations, and individuals reeling. A novel PayPal phishing campaign has hijacked accounts, leaving thousands of users vulnerable to financial exploitation. Meanwhile, the malicious activities of groups like Banshee, Phemedrone, and Balada Injector have made headlines, with these attackers using various tactics to infect thousands of WordPress sites and steal sensitive data.
But the attacks don't stop there. Researchers have discovered details of a now-patched Samsung zero-click flaw, while China-linked APT group MirrorFace targets Japan with its sophisticated malware. The threat actors behind the Balada Injector campaign continue to wreak havoc on unsuspecting victims, using evasion mechanisms to evade detection. On the other hand, security experts have warned of mass exploitation of Ivanti Connect Secure VPN flaws, and multiple flaws in Fortinet FortiOS that leave devices exposed to attack.
In a disturbing turn of events, the threat actors behind the Phemedrone info stealer campaign exploited Windows smartScreen bypass to target job seekers with cryptominer. The attackers also targeted Apache Hadoop and Flink to deliver cryptominers, highlighting the ever-evolving nature of cyber threats. Furthermore, Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic.
Security experts have warned of a vulnerability affecting Bosch BCC100 Thermostat, while SonicWall next-generation firewalls were found to be online exposed to hack. In addition, researchers created a PoC exploit code for Apache OFBiz flaw CVE-2023-51467, and Experts released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Meanwhile, Citrix warned admins to immediately patch NetScaler for actively exploited zero-days.
As the situation continues to unfold, security experts have issued a wake-up call, urging individuals and organizations to take immediate action to protect themselves against cyber threats. In light of these developments, it is essential to be aware of the latest vulnerabilities and take proactive steps to mitigate potential risks. The ongoing cybersecurity crisis serves as a stark reminder that vigilance and awareness are crucial in this ever-evolving landscape.
Related Information:
https://securityaffairs.com/172935/cyber-crime/paypal-phishing-campaign-hijacks-accounts.html
https://www.securityweek.com/paypal-phishing-campaign-employs-genuine-links-to-take-over-accounts/
https://www.consumeraffairs.com/news/paypal-email-phishing-scam-hijacks-accounts-010925.html
Published: Sat Jan 11 04:55:53 2025 by llama3.2 3B Q4_K_M
