Cyware Daily Threat Intelligence

Daily Threat Briefing • June 19, 2023
U.S. power and electronics company Eaton patched a serious security flaw that enabled an unauthenticated user to remotely access a large number of smart security alarm systems. The flaw is categorized as an insecure direct object reference (IDOR). It’s time you get introduced to Mystic Stealer. Since April 2023, this malware has been gaining traction on hacking forums and darknet markets. Researchers confirmed the existence of at least 50 actively operational C2 servers allowing operators to carry out a broad range of data theft operations.
Researchers stumbled across a collection of malicious artifacts, dubbed JokerSpy, which they believe to be components of an advanced toolkit specifically designed to target Apple macOS systems. Some of the puzzle pieces are still missing, they said.
Driver's licenses exposed
Press releases by the Louisiana Office of Motor Vehicles and the Oregon Driver & Motor Vehicle Services revealed that millions of driver's licenses were compromised after the Cl0p group abused the MOVEit bug. Officials said there is no evidence suggesting that the ransomware group disclosed or traded any of the stolen data. They also hope that the compromised data may have been deleted as per the group’s promise of deleting government data.
Hackers halt Central Bank’s website
The Central Bank of Malta's website suffered a cyberattack reportedly at the hands of the notorious hacker group known as Turk Hack Team. The hacker group has shared screenshots depicting the Central Bank of Malta's website grappling with access requests, indicating a suspected DDoS attack. Cybercriminals didn’t provide the reason or further details for targeting the Maltese financial institution.
Reddit facing serious breach
The BlackCat (aka ALPHV) ransomware group claimed responsibility for the February attack on Reddit and allegedly pilfered 80GB of confidential data, such as internal documents, source code, and some business systems. The sophisticated phishing attack redirected its targeted employees to a website that imitated the company's intranet gateway. The landing page deceived victims into blurting out their credentials and second-factor tokens.
New info-stealer steals the show
Security experts at Zscaler and Cyfirma warned against the quick rise of the new Mystic Stealer malware in their respective reports. Mystic Stealer is capable of targeting a wide range of software and applications, including 55 cryptocurrency browser extensions, 40 different web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications, as well as credentials for platforms like Steam and Telegram.
JokerSpy - set of macOS threats
Bitdefender researchers found four largely unreported samples of malicious programs that appear to be part of an advanced toolkit aimed at exploiting macOS systems. Two of those were described as Python-based backdoors meant to cripple systems running Windows, Linux, and macOS. Collectively, these payloads have been given the name "JokerSpy". They possess a range of capabilities, from gathering system data and executing various commands to downloading and running files on the compromised machine, as well as terminating their own processes when necessary.
Hijacking alarm systems
A vulnerability has been identified in Eaton's SecureConnect, a cloud-based system that offers customers the capability to remotely control their security alarm systems. The vulnerability is an insecure direct object reference (IDOR). Any individual could abuse it to create a new user account and assign it to various user groups, including the powerful "root" group, which has access to all of the smart alarm systems. The bug was resolved in May.
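The authorization failure described above, shown as an added illustration that is not Eaton's code and not part of the original briefing: a hypothetical account-registration API in which the weak form honours a client-supplied group list (so a self-registered account can land in "root"), beside a hardened form that ignores that list, starts new accounts with no privileges, and lets only an already-privileged, server-verified actor change group membership. All names (User, register_vulnerable, register_hardened, add_to_group, the sample accounts) are invented for the example.

```python
"""Constructed illustration of an IDOR-style group-assignment flaw and its fix.

Hypothetical code: not Eaton SecureConnect's implementation. The user
directory and account names below are made up for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

ROOT_GROUP = "root"  # the privileged group the briefing describes


@dataclass
class User:
    user_id: str
    groups: Set[str] = field(default_factory=set)


class AuthorizationError(Exception):
    """Raised when the acting account lacks the right to change memberships."""


def make_directory() -> Dict[str, User]:
    """Constructed sample directory: one administrator, one ordinary customer."""
    return {
        "admin": User("admin", {ROOT_GROUP}),
        "alice": User("alice", {"site-42"}),
    }


def register_vulnerable(users: Dict[str, User], username: str,
                        requested_groups: Iterable[str]) -> User:
    """Weak form: the group list comes straight from the client request.

    The server never asks whether the caller is allowed to join those groups,
    so an unauthenticated registrant can place the new account in ROOT_GROUP.
    """
    users[username] = User(username, set(requested_groups))
    return users[username]


def register_hardened(users: Dict[str, User], username: str,
                      requested_groups: Optional[Iterable[str]] = None) -> User:
    """Hardened form: client-supplied groups are ignored entirely.

    A new account starts with no memberships; privilege must be granted
    later by an actor the server has verified (see add_to_group).
    """
    if username in users:
        raise ValueError(f"account {username!r} already exists")
    users[username] = User(username, set())
    return users[username]


def add_to_group(users: Dict[str, User], actor_id: str,
                 target_id: str, group: str) -> Set[str]:
    """Server-side authorization: only a ROOT_GROUP member may change groups.

    actor_id is the identity the server established for the session, not a
    value taken from the request body, which is the point of the check.
    """
    actor = users.get(actor_id)
    if actor is None or ROOT_GROUP not in actor.groups:
        raise AuthorizationError(f"{actor_id!r} may not modify group membership")
    target = users.get(target_id)
    if target is None:
        raise KeyError(target_id)
    target.groups.add(group)
    return target.groups


if __name__ == "__main__":
    weak = make_directory()
    print("vulnerable:", register_vulnerable(weak, "newuser", ["root"]).groups)
    strong = make_directory()
    print("hardened:  ", register_hardened(strong, "newuser", ["root"]).groups)
    print("admin grant:", add_to_group(strong, "admin", "newuser", "site-42"))
```

The hardened path is the one to look for in a code review: group membership is never read from the registration payload, and the membership-change handler authorizes against the session's verified identity rather than any identifier the client supplies.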