
Cyware Daily Threat Intelligence

Daily Threat Briefing January 29, 2024

Security experts are warning about FAUST, a variant of the highly sophisticated Phobos ransomware. It is capable of maintaining persistence within a network environment and executes efficiently using multiple threads. Yet another cunning malware, WhiteSnake Stealer, has been identified in a strategic campaign to surreptitiously harvest sensitive user data, including cryptocurrency wallet information. The malware is concealed within a series of deceptive PyPI packages that cybercriminals have meticulously crafted over time.

Westermo Lynx industrial Ethernet switches are affected by numerous vulnerabilities, two of which are rated as high severity, according to CISA's advisory. Successful exploitation of the vulnerabilities could lead to modification of device behavior and communications or denial of user access.

Top Breaches Reported in the Last 24 Hours

BEC scammers stole $250,000

The GALA Hispanic Theatre in Washington, D.C., had $255,000 stolen in a hacking incident, where attackers siphoned funds from the theater's bank account. The theft occurred when the theater's accountant initiated a standard wire transfer, only to find that the system was compromised. The attackers swiftly emptied the entire bank account, with the funds transferred to a fake company. While the bank did not initially respond to stop the transaction, the theater later received a notice that the stolen funds were recovered.

Health services data breach impacts 3.9 million

Concentra Health Services, a Texas-based therapy provider, disclosed a data breach impacting nearly 4 million patients due to a hack at Perry Johnson & Associates (PJ&A), a medical transcription vendor. The PJ&A incident, affecting at least 14 million patients, involved unauthorized access to PJ&A's network between March 27, 2023, and May 2, 2023. Concentra, Northwell Health, Crouse Health, and others were affected.

KCATA became a ransomware victim

The Kansas City Area Transportation Authority (KCATA) revealed that it experienced a ransomware attack. While services such as fixed-route buses and paratransit remain unaffected, call centers have faced operational disruptions. The Medusa ransomware gang claimed responsibility for the attack and demanded $2 million in ransom. To extend the payment deadline, the group is asking for $100,000 per day.

Top Malware Reported in the Last 24 Hours

Rogue package delivers WhiteSnake Stealer

A threat actor has been uploading malicious packages to the PyPI repository, delivering an information-stealing malware called WhiteSnake Stealer. The campaign, tracked as PYTA31 by Checkmarx, aims to exfiltrate sensitive data, including crypto wallet information. While Windows systems infected with the packages deploy WhiteSnake Stealer, Linux hosts run a Python script for information harvesting. The malware targets web browsers, cryptocurrency wallets, and other applications.

Phobos variant introduces new attack chain

FortiGuard Labs exposed a fresh attack vector involving the FAUST ransomware, a Phobos variant. The attackers employed a Visual Basic script embedded in an Office document to propagate FAUST. The encoded payload files were hosted on the Gitea service and, once decoded and injected into a system's memory, initiated the file encryption attack. The ransomware employs advanced evasion tactics, establishes persistence, and carries an exclusion list of files and folders it will not encrypt.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Westermo Lynx industrial switches

CISA revealed that Westermo Lynx industrial switches, specifically the Lynx 206-F2G model, harbor eight vulnerabilities, two deemed high-severity and six medium-severity. The flaws include stored cross-site scripting bugs, code injection, cross-origin resource sharing (CORS) issues, and more. Security researchers highlighted the potential for remote attackers to manipulate device behavior, modify communications, and execute denial-of-service attacks.