
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
Kaspersky attributes a two‑year cyber‑espionage campaign to the China‑linked APT group Evasive Panda, which used DNS poisoning to deliver its MgBot backdoor. The attacks, observed from November 2022 to November 2024, targeted organizations in Turkey, China and India by hijacking DNS responses for fake software‑update domains. Victims received a staged loader that fetched an encrypted PNG payload, which was later decrypted and executed as MgBot. The malware’s modular capabilities include credential theft, keystroke logging, and audio capture, enabling long‑term persistence.

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
In 2022 LastPass suffered a breach that exposed encrypted vault backups containing cryptocurrency private keys and seed phrases. TRM Labs now reports that weak master passwords allowed attackers to decrypt these vaults offline, siphoning roughly $35 million in crypto assets through...

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet disclosed that CVE‑2020‑12812, a case‑sensitivity flaw in its SSL VPN, is being actively exploited in the wild. The vulnerability lets attackers bypass two‑factor authentication when local users are linked to LDAP groups and usernames are entered with different casing....

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper
Researchers uncovered a new macOS stealer, MacSync, delivered via a digitally signed and notarized Swift application masquerading as a messenger installer. The signed DMG bypasses Apple Gatekeeper and XProtect, allowing the dropper to execute an encoded script after user interaction....