Cyware Daily Threat Intelligence

Daily Threat Briefing April 6, 2023

Cybercriminals can remotely open your garage door and even hijack any home alarm system. Now, that’s too much control. Recently, a security researcher shared details about multiple security holes in the smart garage openers, alarms, and plugs manufactured by the Nexx brand. What’s worse? The patch request was reportedly ignored. A cybersecurity group also took the wraps off a malvertising campaign targeting Portuguese crypto enthusiasts with the new CryptoClippy malware. The ongoing attack campaign has found victims across manufacturing, IT services, and real estate industries.

Furthermore, multiple vulnerabilities were reported in a popular word processing software used in Japan. The bugs, when exploited, may lead to memory corruption and code execution attacks. An urgent patch is recommended.

Top Breaches Reported in the Last 24 Hours

U.K.’s criminal records compromised

ACRO, the U.K.’s criminal records office, suffered a security breach that may have exposed the data—identification information and any criminal conviction data—sent to it by customers. The process for commuters to obtain visas for overseas travel has been impacted by the incident.

Major PC parts manufacturer faces extortion

Money Message, a new ransomware that surfaced days ago, has added Taiwanese PC parts maker Micro-Star International (MSI) to its leak site as a victim of its attack. Attackers claimed they stole 1.5TB of data from the victim’s systems that include CTMS and ERP databases and files containing software source code, BIOS firmware, and private keys. The ransom amount demanded by criminals is $4,000,000.

Dutch football association targeted

The systems pertaining to Dutch football association KNVB were accessed by an unauthorized party to steal sensitive employee information. The organization has stated that both business proceedings and football activities remained uninterrupted and communication channels, such as email systems, were also intact.

Top Malware Reported in the Last 24 Hours

CryptoClippy is new crypto threat

Cybercriminals launched a malvertising campaign involving malware named CryptoClippy to pilfer cryptocurrency from users in Portugal. Discovered by Palo Alto Networks Unit 42, the campaign uses SEO poisoning techniques to push users looking for "WhatsApp web" to fake domains containing malicious software. The scheme has helped the group make roughly $983.

Top Vulnerabilities Reported in the Last 24 Hours

Bugs affect Nexx products

Products by Nexx, a smart home products manufacturer, have vulnerabilities that range from high to low on the severity scale. Researcher Sam Sabetan, who reported the bugs in late 2022, and CISA claimed that the firm had ignored the bug warnings. The researcher uncovered five types of flaws, including authorization bypass flaws, information disclosure issues, and improper authentication.

Vulnerable Japanese software

Four security flaws in JustSystems' Ichitaro, a widely-used word processing software in Japan, can lead to memory corruption and arbitrary code execution, found Cisco Talos. The bugs are tracked as CVE-2022-43664, CVE-2023-22291, CVE-2022-45115, and CVE-2023-22660. Users were encouraged to update the affected product version of Ichitaro 2022, version 1.0.1.57600.

Top Scams Reported in the Last 24 Hours

YouTube phishing scam

A phishing scam has come to light that uses YouTube's genuine no-reply@youtube[.]com email address to trick users into revealing their login details. The phishing email contains a YouTube video and text informing users about YouTube’s new monetization policy and new rules. Meanwhile, YouTube has warned users to be cautious of the scam.
