Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 14, 2023
A new case of an impersonation attack emerged in the last 24 hours. Cybercriminals were found mimicking cybersecurity researchers on Twitter and GitHub with the intention of infecting Windows and Linux systems with malware. Threat actors published fake PoC exploit code for zero-day vulnerabilities in popular software to dupe users. A new trojan, dubbed Pikabot, capable of executing a range of malicious commands on victims’ systems, has also surfaced in the past 24 hours.
In other updates, a bundle of security patches from Microsoft and Siemens were released as part of the June Patch Tuesday. While Microsoft addressed 94 security flaws, Siemens fixed roughly 200 vulnerabilities affecting its products.
South African bank targeted
The Development Bank of Southern Africa suffered an Akira ransomware attack that encrypted servers, log files, and documents. The bank conducted an investigation and determined that business names, names of directors and shareholders, addresses, identification documents, contact information, and phone numbers were accessed by attackers.
Records of over 181,000 patients compromised
Hackers breached the computer network at a Scranton, Pennsylvania-based cardiology group and potentially obtained the private data of over 181,000 patients. The information exposed included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and passport numbers.
Fake zero-day PoC used to push malware
Cybercriminals are impersonating cybersecurity researchers on Twitter and GitHub to publish fake PoC exploit code for zero-day vulnerabilities, with the aim of infecting Windows and Linux systems with malware. The campaign has been underway since May and promotes exploits for zero-day flaws in popular software such as Chrome, Discord, Signal, WhatsApp, and Microsoft Exchange.
New Pikabot trojan
A newly discovered Pikabot trojan is capable of executing a range of malicious commands, including running arbitrary shellcode, DLLs, and distributing malicious tools such as Cobalt Strike. The trojan is modular in nature, comprising a loader and a core module. It shares similarities with the QakBot trojan.
New Skuld infostealer detected
A new Golang infostealer, known as Skuld, has been found compromising systems worldwide. The malware is capable of stealing sensitive data from victims, and it also includes modules to steal cryptocurrency assets. To accomplish this, Skuld searches for data stored in applications such as Discord and web browsers.
Microsoft addresses 94 flaws
Microsoft released security updates for 94 vulnerabilities in June’s edition of Patch Tuesday. Six of these are rated as critical and 70 as important. The flaws include DoS, privilege escalation, remote code execution, security feature bypass, and spoofing. The affected products include Microsoft Office and Components, Microsoft Exchange Server, Win32K, Windows TPM Device Driver, Windows Remote Procedure Call Runtime, Windows PGM, Microsoft Printer Drivers, and Windows Hello, among others.
Siemens and Schneider Electric release advisories
Siemens released a dozen new advisories for roughly 200 vulnerabilities impacting third-party components, Simatic S7-1500, Linux kernel, BusyBox, Intel processors, Simatic WinCC, Visualization and JT2Go, and Sicam A8000 products. Separately, Schneider Electric issued four new advisories for five vulnerabilities affecting its Foxboro Distributed Control System (DCS) and SCADA. Two of the flaws affecting Foxboro DCS could be exploited for DoS attacks, privilege escalation, and kernel code execution. The flaws affecting SCADA products could be exploited to expose cleartext credentials.
VMware ESXi zero-day exploited
Chinese cyberespionage group UNC3886 exploited a zero-day authentication bypass flaw in VMware ESXi hosts to execute multiple backdoors—collectively dubbed VirtualPITA and VirtualPIE—on guest virtual machines. The backdoors enabled attackers to maintain persistent administrative access to the hypervisor and to transfer files between the ESXi hypervisor and guest machines. The flaw, tracked as CVE-2023-208670, existed in VMware Tools and was patched this Tuesday.
Vulnerable WordPress plugin exposes details
A flaw in the WooCommerce Stripe Gateway plugin for WordPress could enable any unauthenticated user to view details of the orders placed through the plugin. The flaw, identified as CVE-2023-34000, impacts all versions of the plugin below 7.4.1. A patch with version 7.4.1 was released on May 30.