Cover your ears folks, here comes Michael Buble! As we wrap up for Christmas (boom boom) we would like to say a huge THANK YOU to all our vendor partners and customers that we have worked with this year. Wishing you and your families a very Merry Christmas and a Happy New Year!‍

New and noteworthy this week: Our vendor partner Cequence 2H report revealing a staggering 700% increase in retail fraud! You can download the report HERE plus if you haven't already subscribed, we love Abnormal Security's weekly Abnormal Insights newsletters. A collection of actionable intelligence, expert advice, and the latest data on email threats. You can see the latest newsletter and subscribe HERE‍

‍

Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.

This week we heard about why opposition politicians and journalists are high risk targets for spyware attacks, a new piece of malware attempting to steal bank credentials worldwide and how the FBI took down BlackCat ransomware!

‍

Keep reading to stay up to date on the latest cyber security news.

‍

‍1. Google Fixes 8th Chrome zero-day Vulnerability Exploited in Attacks This Year‍

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. The company fixed the zero-day bug for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows users and Mac and Linux users one day after being reported to Google. Even though the security update could take days or weeks to reach all users, according to Google, it was available immediately. Individuals who prefer not to update manually can rely on their web browser to automatically check for new updates and install them upon the next launch.‍

‍

2. New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide‍

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.‍

‍

3. Healthcare Software Provider Data Breach Impacts 2.7 million‍

ESO Solutions, a provider of software products for healthcare organisations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack. According to the notification, the intrusion occurred on September 28 and resulted in data being exfiltrated before the hackers encrypted a number of company systems. Unfortunately, these supply-chain breaches have become all too common in the healthcare space, impacting patient data safety and threatening the operational and financial stability of medical institutions.‍

‍

4. FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool‍

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat group and gain access to a web panel used for managing the gang's victims, in what's a case of hacking the hackers. The confiscation effort involved collaboration and assistance from multiple law enforcement agencies from the US, Germany, Denmark, Australia, UK, Spain, Switzerland, and Austria.‍

‍

5. New Malvertising Campaign Distributing PikaBot Disguised as Popular Software‍

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk.  The malware family, which first appeared in early 2023, consists of a loader and a core module that allows it to operate as a backdoor as well as a distributor for other payloads. This enables the threat actors to gain unauthorised remote access to compromised systems and transmit commands from a command-and-control (C2) server, ranging from arbitrary shellcode, DLLs, or executable files, to other malicious tools such as Cobalt Strike.