ESET reports China-aligned LongNosedGoblin spying on government networks in Southeast Asia & Japan using Group Policy and cloud-based malware control.
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from.
From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become.
Here’s the full rundown of what moved in the cyber world this week.
This month’s extended security update for Windows 10 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks.
Microsoft says it identified a fix and is now rolling out an out-of-band update (KB5074976) via Update Catalog to address it.
You won’t find the OOB update on Windows Update or WSUS, as it’s only offered via the Update Catalog, but if you are affected, you should download and install the out-of-band release.
The Clop ransomware gang (also known as Cl0p) is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign.
Gladinet CentreStack enables businesses to securely share files hosted on on-premises file servers through web browsers, mobile apps, and mapped drives without requiring a VPN. According to Gladinet, CentreStack “is used by thousands of businesses from over 49 countries.”
Since April, Gladinet has released security updates to address several other security flaws that were exploited in attacks, some of them as zero-days.
An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN.
On December 11, threat monitoring platform GreyNoise observed that the number of login attempts aimed at GlobalProtect portals peaked at 1.7 million over a period of 16 hours.
Collected data showed that the attacks originated from more than 10,000 unique IP addresses and were aimed at infrastructure located in the United States, Mexico, and Pakistan.
French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel.
As the Paris prosecutor’s office announced this week, a Bulgarian national has been released without any charge, while a Latvian suspect who recently joined the crew of the Fantastic ferry (owned by Italian shipping company Grandi Navi Veloci) remains detained and was transferred to Paris on Sunday.
The Latvian crew member now faces charges of conspiring to infiltrate computer systems on behalf of a foreign power after a remote access tool was discovered aboard the ferry, as Le Parisien first reported.