Cybersecurity Alerts: DarkGate Malware Spread via Microsoft Teams; Critical Apache Struts Flaw CVE-2024-53677 (CVSS 9.5) Exploited

Recent cybersecurity alerts have highlighted the evolving tactics of hackers exploiting vulnerabilities in widely used software. Microsoft Teams has become a target for voice phishing attacks, facilitating the spread of DarkGate malware. Attackers are impersonating external suppliers during Teams calls, tricking users into installing AnyDesk for remote access. Additionally, a critical vulnerability in Apache Struts, identified as CVE-2024-53677, has been reported, with a CVSS score of 9.5 out of 10. This flaw is actively being exploited following the release of proof-of-concept exploits. Organizations are urged to upgrade to Struts version 6.4.0 or higher and implement the Action File Upload mechanism to mitigate risks. The FBI and CISA have raised alerts regarding exploited flaws and ongoing campaigns, including HiatusRAT and CoinLurker malware, further emphasizing the need for heightened security measures across corporate IT infrastructures.