Cyware Daily Threat Intelligence

Daily Threat Briefing • February 23, 2024
The oil and gas sector is being targeted by Rhadamanthys Stealer, a malware-as-a-service (MaaS) info-stealer. Aimed at critical infrastructure, it harvests email, FTP, and banking credentials and adds cryptocurrency theft and Google Account cookie retrieval. Separately, a compromised Korean website was found pushing visitors to download a malicious installer posing as a legitimate security program; it dropped an info-stealer for data theft and a backdoor enabling remote code execution.
Apple's Shortcuts app carried a flaw, tied to the 'Expand URL' action, that bypasses the Transparency, Consent, and Control (TCC) framework. A malicious shortcut can read protected data, Base64-encode it, and transmit it to an attacker-controlled website. Because shortcuts can be shared, a single malicious shortcut could reach many users and expose photos, contacts, and files.
Ophthalmology firm notifies of breach
Medical Management Resource Group, operating as American Vision Partners, disclosed a hacking incident affecting nearly 2.4 million patients. The breach involved unauthorized access to parts of the network and exposed personal information including names, contact details, birthdates, and medical records, and in some cases Social Security numbers (SSNs) and insurance information. Affected individuals have been advised to monitor their credit reports and account statements.
Crypto exchange hit by $26 million hack
FixedFloat, a decentralized cryptocurrency exchange, suffered a security breach in which approximately $26 million worth of BTC and ETH was stolen. The exchange, known for its non-KYC model, saw frozen transactions and missing funds, prompting an investigation. Initially attributed to technical issues, the incident was later confirmed as an external attack, dismissing rumors of insider involvement.
Rehabilitation center leaks data
Several drug rehabilitation centers operated by Maryville, Inc., in New Jersey suffered a data breach in August 2023 that exposed personal information including SSNs, health insurance details, and financial account information. Although there is no evidence of misuse, the company urges affected individuals to take preventive measures such as obtaining credit reports and placing fraud alerts.
Malware disguised as security programs
ASEC disclosed malware strains disguised as security programs on the website of a Korean construction-related association. Visitors were prompted to install security programs, including one named NX_PRNMAN, whose installer contained malware. The malicious installer was signed with a valid certificate stolen from a Korean defense company and installs both the TrollAgent malware and the legitimate security software, making detection difficult. The attack has affected over 3,000 users so far.
Rhadamanthys Stealer targets oil and gas sector
Cofense Intelligence identified an advanced phishing campaign targeting oil and gas firms with the Rhadamanthys Stealer. The campaign abuses an open redirect on legitimate domains, such as Google Maps, so the link appears trustworthy before sending victims to an interactive PDF hosted on a newly registered domain. Clicking in the PDF triggers the download of a ZIP archive containing the stealer executable, which harvests credentials and other sensitive information from the host.
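The redirect-to-lure chain described above can be caught at a proxy or mail gateway by flagging URLs on a trusted domain whose query parameters carry an absolute URL to some other host, which is what an open-redirect lure looks like on the wire. The Python below is an added example written for this briefing, not code from Cofense or Cyware; the trusted-domain list, the `q` parameter, the lure file extensions and the sample log lines are constructed assumptions rather than indicators from the campaign.

```python
"""Flag open-redirect phishing lures on trusted domains (added example).

Assumptions (not from the briefing): google.com is the only trusted domain,
PDF and ZIP are the lure file types worth highlighting, and the sample lines
below are constructed proxy-log entries, not real campaign traffic.
"""
import re
from urllib.parse import urlparse, parse_qs

# Domains whose redirect endpoints are treated as potential lure hosts.
TRUSTED_DOMAINS = {"google.com"}

# File types the described chain moved through (interactive PDF, then ZIP).
LURE_EXTENSIONS = (".pdf", ".zip")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def redirect_targets(url):
    """Return (param, target_url, is_lure_file) for each query parameter of a
    trusted-host URL whose value is an absolute URL on an untrusted host."""
    parsed = urlparse(url)
    if not is_trusted(parsed.hostname):
        return []  # only trusted-host URLs can act as open-redirect lures
    hits = []
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        for value in values:  # parse_qs has already percent-decoded the value
            target = urlparse(value)
            if target.scheme not in ("http", "https") or not target.hostname:
                continue  # ordinary text parameter, not a redirect target
            if is_trusted(target.hostname):
                continue  # redirect stays inside the trusted domain
            lure_file = target.path.lower().endswith(LURE_EXTENSIONS)
            hits.append((name, value, lure_file))
    return hits


def scan_lines(lines):
    """Scan log or mail lines and report every open-redirect lure found."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            for param, target, lure_file in redirect_targets(url):
                findings.append({
                    "line": lineno,
                    "lure_host": urlparse(url).hostname,
                    "param": param,
                    "target": target,
                    "document_lure": lure_file,
                })
    return findings


# Constructed sample proxy-log lines (not real data).
SAMPLE_LINES = [
    "2024-02-20T09:14:02Z user=alice url=https://www.google.com/url?q=https%3A%2F%2Fsecure-invoice.example%2Fview.pdf",
    "2024-02-20T09:15:10Z user=bob url=https://www.google.com/maps/search/?api=1&query=Houston+TX",
    "2024-02-20T09:16:44Z user=carol url=https://www.google.com/url?q=https%3A%2F%2Fmaps.google.com%2Fmaps",
    "2024-02-20T09:17:03Z user=dave url=https://docs.example.org/report.pdf",
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LINES):
        print(finding)
```

Only the first sample line is reported: its trusted-host URL redirects to an external host and the target ends in `.pdf`, matching the lure pattern. The second carries no URL in its parameters, the third redirects within the trusted domain, and the fourth is a direct link rather than a redirect, so none of them fire. Any parameter value is inspected, so the detector does not depend on knowing which redirect endpoint a given legitimate site exposes.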
Ubuntu addresses FreeImage library bugs
The Ubuntu security team released updates addressing multiple vulnerabilities in FreeImage, a widely used open-source image processing library. The flaws, which affect several Ubuntu releases including 16.04 and 18.04, include heap buffer overflows and incorrect image processing and could be exploited for denial of service if left unpatched; severity scores range from medium to high.
Apple Shortcuts bug exposes sensitive data
A high-severity vulnerability, CVE-2024-23204, in Apple's Shortcuts app allows attackers to bypass the Transparency, Consent, and Control (TCC) framework and access sensitive data without user consent. Bitdefender researchers showed how a malicious shortcut can silently collect data on macOS and iOS versions before macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3. Apple has urged users to update their devices promptly.