Seven Chinese Hacking Groups Found to Exploit Ivanti Appliances
Mandiant released information on seven Chinese-nexus hacking groups linked to an exploitation spree against Ivanti VPN appliances that attempted to mine cryptocurrency illicitly.
Tracked under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, UNC5337, and UNC3886, the groups deploy custom ‘TONERJAM’ and ‘PHANTOMNET’ malware payloads.
Visa’s Warning on RAT Campaign Targeting Financial Orgs
Visa released an alert on a phishing campaign that delivers the ‘JSOutProx’ remote access trojan (RAT) and targets financial institutions and their customers.
The JSOutProx malware, linked to the ‘Solar Spider’ threat actor, delivers a RAT that could steal sensitive data, establish a C2 connection, and extract Outlook information, among other capabilities.
KidSecurity Data Breach Leaves Thousands of Child-Linked Data Vulnerable
The Cybernews research team discovered that KidSecurity failed to configure authentication for its Kafka Broker Cluster, leaving child-related data accessible to threat actors for more than a year.
The leaked information includes messaging information, email addresses, IP addresses, transaction info, audio recordings, and device information.