Maverick malware spreads via WhatsApp Web, targeting Brazilian banks through PowerShell and browser hijacking.
Category: cybercrime/malcode
GlobalLogic warns 10,000 employees of data theft after Oracle breach
GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach.
Based in Santa Clara, California, this software and product development services company was founded in 2000. Since then, it has expanded to 59 product engineering centers and several offices worldwide.
In a breach notification letter filed with the office of Maine’s Attorney General, the company states that the attackers exploited an Oracle EBS zero-day vulnerability to steal personal information belonging to 10,471 employees.
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers.
Rhadamanthys is an infostealer malware that steals credentials and authentication cookies from browsers, email clients, and other applications. It is commonly distributed through campaigns promoted as software cracks, YouTube videos, or malicious search advertisements.
The malware is offered on a subscription model, where cybercriminals pay the developer a monthly fee for access to the malware, support, and a web panel used to collect stolen data.
Automatic C to Rust translation technology provides accuracy beyond AI
As the C language, which forms the basis of critical global software like operating systems, faces security limitations, KAIST’s research team is pioneering core original technology research for the accurate automatic conversion to Rust to replace it. By proving the mathematical correctness of the conversion, a limitation of existing artificial intelligence (LLM) methods, and solving C language security issues through automatic conversion to Rust, they presented a new direction and vision for future software security research.
The paper by Professor Sukyoung Ryu’s research team from the School of Computing was published in the November issue of Communications of the ACM and was selected as the cover story.
The C language has been widely used in the industry since the 1970s, but its structural limitations have continuously caused severe bugs and security vulnerabilities. Rust, on the other hand, is a secure programming language developed since 2015, used in the development of operating systems and web browsers, and has the characteristic of being able to detect and prevent bugs before program execution.
Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials.
The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort.
Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.
