Malicious ads infiltrate Microsoft’s Bing Chat, promoting fake download sites laden with malware. These deceptive ads exploit users’ trust in AI-driven chat tools, potentially leading to inadvertent clicks. The malvertizing campaign imitates a popular IP scanner, leading to a risky redirect chain. While the final payload remains undisclosed, users must exercise caution when engaging with chatbot results to prevent potential cyber threats. Users are urged to stay vigilant and verify URLs before downloading anything.

(Source: Bleeping Computer)

BlackCat (ALPHV) ransomware strikes Azure cloud using stolen Microsoft accounts and a new Sphynx encryptor variant. Sophos discovered this during a breach investigation. Attackers compromised a Sophos Central account, disabled security, and encrypted systems and Azure storage. This group, possibly a DarkSide/BlackMatter rebrand, is known for global enterprise targeting and adaptation.

(Source: Bleeping Computer)

Adobe has issued critical security updates to patch a zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader. Attackers have actively exploited it on both Windows and macOS systems. This flaw allows code execution but requires user interaction and local access. Adobe advises immediate installation of the update, and other security issues in Adobe Connect and Adobe Experience Manager were also addressed.

(Source: Bleeping Computer)

A recent phishing campaign misuses Microsoft Teams messages to disseminate DarkGate Loader malware. Starting in late August this year, attackers sent phishing messages from compromised Office 365 accounts, convincing recipients to download a ZIP file. Opening the attachment triggers the download of DarkGate Loader, which is a versatile malware. This threat warrants close monitoring as it poses an increasing risk.

(Source: Bleeping Computer)

DarkBeam, a digital risk protection company, left an online database unprotected, exposing over 3.8 billion user records. These records, including email addresses and passwords, were from previous breaches. Password reuse poses a significant risk, and users should consider enabling two-factor authentication to protect their accounts. Data leaks like this underline the importance of strong, unique passwords.

(Source: Toms Guide)