
It was a banner week for cybercriminals and a difficult one for defenders. Hundreds of organizations saw threat actors exploit critical flaws in their Microsoft SharePoint servers, with more malicious hackers piling on and attacks still ongoing.
Meanwhile, just two months after a major FBI takedown, Lumma malware-as-a-service operations not only appear to have fully recovered, but are stealthier and more effective than ever. And the innovative Coyote banking Trojan has broken new technical ground by weaponizing Windows accessibility features against users.
Together, these stories highlight the opportunism, adaptability, resilience and ingenuity of today’s cyberthreats — and the critical importance of countermeasures, such as prompt patching and frequent security awareness training.
Read more about an eventful week in cybercrime.
Ongoing SharePoint attacks hit hundreds of Microsoft customers
Microsoft customers with on-premises SharePoint servers are facing a massive wave of ongoing cyberattacks that began in early July and escalated in the past week.
The intrusions exploit an attack chain dubbed ToolShell, a sequence combining remote code injection and network spoofing flaws. Attackers have reportedly used the vulnerabilities to compromise hundreds of SharePoint customers worldwide, including the U.S. National Nuclear Security Administration and the Department of Homeland Security.
According to Microsoft, three Chinese nation-state threat actors were among the first to initiate ToolShell attacks in early July. More recently, one of the groups also began using the vulnerability chain in ongoing ransomware attacks.
Microsoft released an emergency out-of-band security update on July 19. The patch covers SharePoint Subscription Edition, SharePoint 2019 and SharePoint 2016. Researchers warned that more threat actors might join the ongoing attack campaign, making rapid patching critical for all SharePoint customers.
The vulnerabilities do not affect the Microsoft 365 version of SharePoint Online.
Read the full story by David Jones on Cybersecurity Dive.
Lumma stealer malware returns after FBI takedown
The notorious Lumma malware — which aims to steal sensitive information, such as credentials and cryptocurrency wallet data — has rapidly resurfaced following its FBI takedown in May. Trend Micro researchers said Lumma threat actors’ activity appeared to have returned to normal levels between June and July, although their tactics are becoming stealthier and more discreet.
Previously, Lumma operators relied heavily on Cloudflare’s infrastructure to hide their malicious domains. Now, however, they are increasingly turning to providers that are less beholden to U.S. law enforcement, such as Russia-based Selectel.
Lumma distribution methods are also evolving, with recent attacks using fake cracked software, ClickFix campaigns with deceptive CAPTCHA pages, AI-generated GitHub repositories, and social media campaigns on YouTube and Facebook.
Read the full story by Elizabeth Montalbano on Dark Reading.
Coyote breaks new ground by exploiting Windows UI Automation
The banking Trojan Coyote, active in Latin America since February 2024, has pioneered a new attack method by exploiting the Windows UI Automation framework to steal banking credentials. This marks the first known instance of malware abusing this legitimate accessibility feature, which is designed to help people with disabilities interact with Windows systems.
Active primarily in Brazil, Coyote has targeted users of 75 banks and cryptocurrency exchanges. The malware gains initial access through malicious LNK files in phishing emails, then monitors browser activity for banking websites.
Coyote is particularly dangerous because of its ability to function offline and to use UI Automation to extract sensitive information from browser tabs more reliably than traditional methods. It exemplifies how attackers’ techniques continue to evolve to outpace security measures.
Read the full story by Jai Vijayan on Dark Reading.
Editor’s note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget’s SearchSecurity.