Chinese Group Found to Hack Philippine Government Agencies
Cyberint released a report earlier this week, revealing a Chinese-sponsored ‘Mustang Panda’ advanced persistent threat (APT) group’s attacks on South Asian entities, with particular focus on Philippine government agencies.
These three ‘Mustang Panda’ cyber campaigns were initiated through illicitly disguised malware in the form of a PDF or antivirus, which, if downloaded, initiated a command-and-control (C2) connection.
Rise in Tax-Related Phishing Scams Detected
Microsoft’s Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data.
These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.
Certy AI’ OpenAI Keys Left Up for Grabs
The Cybernews research team discovered that Certy AI unintentionally exposed a publicly accessible environment (env.) file containing the company’s OpenAI API key.
Since the discovery, Certy AI closed the file. “API keys are sensitive credentials that grant access to specific services or resources, and if they fall into the wrong hands, it can lead to unauthorized access and potential misuse of the associated resources,” researchers said.
