Morphisec late yesterday published a study of an "emerging" crypter, "Babadeda," which criminals are using to mount and obfuscate malware attacks against cryptocurrency traders and NFT speculators. Babadeda has been found operating in the popular Discord community.
SafeBreach today issued a report on what it describes as an Iranian threat actor using a Microsoft MSHTML remote-code execution exploit with a new PowerShell stealer. It appears to be a cyberespionage campaign against Farsi-speaking targets. The campaign seems to have begun in mid-September; most targets are located outside of Iran.
In November's Patch Tuesday Microsoft addressed a high-severity remote-code-execution issue in on-premises Exchange Server 2016 and 2019. Users are advised to patch: the flaw is being exploited in the wild, and a proof-of-concept has been published, Computing and others report.
BleepingComputer says a proof-of-concept that bypasses Microsoft's November patch of 'Windows Installer Elevation of Privilege Vulnerability' (CVE-2021-41379) has been developed. The zero-day opens systems up to privilege-escalation attacks.
Apple has filed a lawsuit against NSO Group. The complaint includes details about the FORCEDENTRY exploit, which used a since-patched vulnerability to install Pegasus intercept tools in iPhones. Apple calls NSO Group "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse."