Priya PatelIn this week’s cybersecurity roundup, SecurityWeek covers several noteworthy stories that may have gone under the radar.
- The Bigpanzi botnet has infected tens of thousands of Android TVs and set-top boxes, carrying out various illegal activities including DDoS attacks
- Inferno Drainer, a scam-as-a-service platform, operated between November 2022 and November 2023 and stole at least $80 million in assets through phishing and impersonating over 100 brands
- A pro-Russian threat group, NoName057(16), launched over 1,500 DDoS attacks against NATO-aligned nations
- Kaspersky discovered a new method of detecting infections with iOS spyware, including Pegasus, Reign, and Predator
- SentinelOne identified several macOS information stealer families that are capable of evading static signature detection
- A malicious campaign is targeting vulnerable Docker services with a cryptocurrency miner and the 9hits viewer application
- Researcher Tal Be’ery identified a potential privacy issue in WhatsApp that exposes a user’s device setup information to any other user, regardless of whether they are blocked or not in the contacts list
- Drupal and libX11 have released patches to address vulnerabilities in their software
- A study by Wiz found that 70% of organizations are using managed AI services, with Microsoft Azure AI Services leading in this area
- ReversingLabs released its 2024 State of Software Supply Chain Security Report, which found over 11,200 unique malicious packages in 2023
- Kaspersky discovered that a tablet’s ambient light sensor can be used to spy on users by generating images of their hands interacting with the screen
These stories highlight the ongoing threat landscape in cybersecurity, with new vulnerabilities, attack techniques, and privacy issues being discovered and exploited by threat actors. It is important for individuals and organizations to stay updated on the latest developments in cybersecurity and take steps to protect their systems and data.
