April, 2024
April 30, 2024 – Solution
Microsoft Releases New Open-Source Tool for OT Security
Microsoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure. (Bank Info Security)
April 30, 2024 – Business
KnowBe4 to Acquire Egress
KnowBe4, a Tampa Bay, FL-based provider of a security awareness training and simulated phishing platform, is to acquire Egress Software Technologies, a London, UK-based company that specializes in adaptive and integrated cloud email security. (Finsmes)
April 29, 2024 – Denial Of Service
DDoS Attacks Continue, Post-Election, Against Russian Independent Media Site Meduza
In April, Meduza faced two large-scale distributed denial-of-service (DDoS) attacks, prompting it to reach out to Qurium to investigate their origin and composition, the researchers said. (The Record)
April 29, 2024 – Government
More Than 800 Vulnerabilities Resolved Through CISA Ransomware Notification Pilot
The Ransomware Vulnerability Warning Pilot was unveiled in January 2023 as a program designed to “identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors.” (The Record)
April 29, 2024 – Government
British Intelligence Moves to Protect Research Universities From Espionage
The head of Britain’s domestic intelligence agency warned the country’s leading research universities on Thursday that foreign states are targeting their institutions and imperiling national security. (The Record)
April 29, 2024 – General
Report: 73% of SME Security Professionals Missed or Ignored Critical Alerts
IT staff at SMEs are overwhelmed by the complexity and demands of managing multiple tools in their security stack, leading them to miss critical severity events and weaken their company’s security posture, according to Coro. (Help Net Security)
April 29, 2024 – Government
DHS Announces AI Safety Board with OpenAI Founder, CEOs of Microsoft, Nvidia, IBM
Members will include representatives of tech companies, critical infrastructure entities, academia, and government agencies, as well as “leaders in the civil rights, civil liberties, and privacy communities,” DHS Secretary Alejandro Mayorkas said. (The Record)
April 29, 2024 – Policy and Law
Know-Your-Customer Executive Order Facing Stiff Opposition From Cloud Industry
A controversial executive order that would require U.S. cloud companies to closely monitor the identities of their customers will move one step closer to the finish line next week amid opposition from the industry. (The Record)
April 29, 2024 – Solution
LSA Whisperer: Open-source tools for interacting with authentication packages
The tool allows users to directly recover multiple types of credentials from the LSASS without accessing its memory. This includes recovering Kerberos tickets, SSO cookies, DPAPI credential keys, and NTLMv1 responses. (Help Net Security)
April 29, 2024 – Attack
Okta Warns of Unprecedented Scale in Credential Stuffing Attacks on Online Services
The attacks recently observed by Okta route requests through anonymizing services like TOR and residential proxies such as NSOCKS, Luminati, and DataImpulse. The experts noticed that millions of requests have been routed through these services. (Security Affairs)
April 29, 2024 – General
Most People Still Rely on Memory or Pen and Paper for Password Management
A Bitwarden survey showed that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials that is publicly accessible on social media platforms (60%) and online forums (30%). (Help Net Security)
April 29, 2024 – Phishing
Japanese police create fake support scam payment cards to warn victims
The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism. (Bleeping Computer)
April 27, 2024 – Vulnerabilities
Thousands of Qlik Sense Servers Open to Cactus Ransomware
Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in the Qlik Sense data analytics and BI platform, many organizations remain dangerously vulnerable to the threat. (Dark Reading)
April 27, 2024 – Phishing
FBI: Fraudsters Using Fake Online Dating Verification Apps to Scam Lovers
The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years. (The Record)
April 27, 2024 – Phishing
Bogus npm Packages Used to Trick Software Developers into Installing Malware
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. (The Hacker News)
April 27, 2024 – Malware
Zero-Day from 2017 Used Along With Cobalt Strike Loader in Unholy Alliance
The operation involves a malicious PPSX file that drops a custom loader for the Cobalt Strike Beacon malware. The loader employs various techniques to slow down analysis and bypass security solutions. (Deep Instinct)
April 26, 2024 – Malware
New Brokewell Malware Takes Over Android Devices, Steals Data
The malware is delivered through a fake Google Chrome update that is shown while using the web browser. Brokewell is under active development and features a mix of extensive device takeover and remote control capabilities. (Bleeping Computer)
April 26, 2024 – Phishing
North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The Lazarus Group's use of job offer lures to infiltrate targets is not new. Dubbed Operation Dream Job, the long-running campaign has a track record of using various social media and instant messaging platforms to deliver malware. (The Hacker News)
April 26, 2024 – Malware
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries
First discovered in 2022, Godfather — which can record screens and keystrokes, intercept 2FA calls and texts, initiate bank transfers, and more — has quickly become one of the most widespread malware-as-a-service offerings in cybercrime. (Dark Reading)
April 26, 2024 – Vulnerabilities
Researchers Found 18 Vulnerabilities in Brocade SANnav
Three of the vulnerabilities could allow an attacker to send malicious data, intercept credentials sent in clear text, and potentially compromise the entire Fibre Channel infrastructure. (Pierre Kim)
April 26, 2024 – Phishing
Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks
Researchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk's file sharing platform to steal Microsoft login credentials from victims. (Net Craft)
April 26, 2024 – Business
ThreatLocker Raises $115M in Series D Funding
The round was led by existing investor General Atlantic, with participation from other major investors StepStone Group and the D. E. Shaw group. The company intends to use the funds to drive product innovation and accelerate its global expansion. (Finsmes)
April 25, 2024 – Phishing
Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs. (Zscaler)
April 25, 2024 – Insider Threat
Ring Customers Get $5.6 Million in Privacy Breach Settlement
The FTC is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. (Bleeping Computer)
April 25, 2024 – Vulnerabilities
Vulnerabilities in Microsoft’s PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services
The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments. (Security Explorations)
April 25, 2024 – Attack
ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor. (Bleeping Computer)
April 25, 2024 – General
Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End
Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea. (Infosecurity Magazine)
April 25, 2024 – Cryptocurrency
Feds Accuse Founders of Cryptocurrency Mixer of ‘Large-Scale Money Laundering’
The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday. (The Record)
April 25, 2024 – Vulnerabilities
Maximum Severity Flowmon Bug has a Public Exploit, Patch Now
Flowmon developer Progress Software first alerted about the flaw on April 4, warning that it impacts versions of the product v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14. (Bleeping Computer)
April 25, 2024 – Government
CISA Warns of Cisco and CrushFTP Vulnerabilities Being Actively Exploited
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer tool CrushFTP. (The Record)
April 25, 2024 – Solution
Google Meet opens client-side encrypted calls to non-Google users
Google announced it is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. (Bleeping Computer)
April 25, 2024 – Hacker
Chinese, Russian Espionage Campaigns Increasingly Targeting Edge Devices
Chinese and Russian hackers have turned their focus to edge devices — like VPN appliances, firewalls, routers and Internet of Things (IoT) tools — amid a startling increase in espionage attacks, according to Google security firm Mandiant. (The Record)
April 24, 2024 – Vulnerabilities
Security Bugs in a Popular Phone-Tracking App Exposed Users’ Precise Locations
A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data. (Tech Crunch)
April 24, 2024 – Phishing
Google Ad for Facebook Redirects to Scam
Researchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page. (Malwarebytes)
April 24, 2024 – Malware
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
"SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. (The Hacker News)
April 24, 2024 – Breach
Iran Dupes US Military Contractors, Gov’t Agencies in Cyber Campaign
An Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign. (Dark Reading)
April 24, 2024 – Vulnerabilities
Major Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App Users
The vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said. (The Hacker News)
April 24, 2024 – General
Report: Attacker Dwell Time Down, Ransomware up in 2023
According to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011. (Tech Target)
April 24, 2024 – Disinformation
Hackers Publish Fake Story About Ukrainians Attempting To Assassinate Slovak President
An unidentified attacker hacked a Czech news service's website and published a fake story on Tuesday claiming that an assassination attempt had been made against the newly elected Slovak president Peter Pellegrini. (The Record)
April 24, 2024 – General
Report: Fifth of UK Companies Admit Staff Leaked Data via GenAI
One in five UK companies has experienced sensitive corporate data exposure due to employees' use of generative AI (GenAI), according to a report by cybersecurity services provider RiverSafe. (Infosecurity Magazine)
April 24, 2024 – Policy and Law
US Gov Slaps Visa Restrictions on Spyware Honchos
The US State Department is imposing visa restrictions on 13 people involved in the development and sale of commercial spyware, as well as their spouses and children. The State Department can deny these people entrance to the United States. (Dark Reading)
April 24, 2024 – Business
Veeam Acquires Coveware to Boost its Ransomware Protection Capabilities
Veeam Software announced the acquisition of Coveware, a provider of cyber-extortion incident response. It brings ransomware recovery and first responder capabilities to further strengthen Veeam’s radical resilience solutions for customers. (Help Net Security)
April 23, 2024 – Breach
This Website is Selling Billions of Private Messages of Discord Users
The website Spy.pet has been involved in a major privacy breach, selling billions of private messages from Discord users. This breach exposes personal information, private photos, financial details, and potentially company secrets. (Hack Read)
April 23, 2024 – General
Vulnerability Exploitation on the Rise as Attackers Ditch Phishing
In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report. (Infosecurity Magazine)
April 23, 2024 – APT
Russian APT28 Group in New “GooseEgg” Hacking Campaign
A notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed. (Infosecurity Magazine)
April 23, 2024 – Government
CISA to Issue List of Software Products Critical to Agency Security by End of September
The Cybersecurity and Infrastructure Security Agency is targeting a September 30 deadline to give federal agencies a list of example software products deemed critical for the federal government’s cyber posture. (NextGov)
April 23, 2024 – Malware
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
The GuptiMiner malware campaign, discovered by Avast, involved hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The campaign was orchestrated by a threat actor with possible ties to Kimsuky. (Avast)
April 23, 2024 – Phishing
Fraudsters Exploit Telegram’s Popularity for Toncoin Scam
The perpetrators attract unsuspecting Telegram users through a referral system, enticing them with promises of an “exclusive earning program” shared via contacts in their network. (Infosecurity Magazine)
April 23, 2024 – Phishing
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar
A phishing campaign exploiting a bug in Nespresso's website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links. (Dark Reading)
April 23, 2024 – Hacker
Microsoft Warns of North Korean Hackers Turning to AI-Fueled Cyber Espionage
Microsoft specifically highlighted a group named Emerald Sleet (aka Kimsuky or TA427), which has been observed using LLMs to bolster spear-phishing efforts aimed at Korean Peninsula experts. (The Hacker News)
April 23, 2024 – Ransomware
Behavioral Patterns of Ransomware Groups are Changing
The ransomware landscape has undergone significant changes in Q1 2024, with major shifts in the behavior of Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security's GRIT Q1 2024 Ransomware Report. (Help Net Security)
April 23, 2024 – Attack
Russian Sandworm Hackers Targeted 20 Critical Organizations in Ukraine
CERT-UA reports that in March 2024, APT44 conducted operations to disrupt information and communication systems at energy, water, and heating suppliers in 10 regions of Ukraine. (Bleeping Computer)
April 22, 2024 – Botnet
Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack
Androxgh0st operators are exploiting multiple CVEs, including CVE-2021-3129 and CVE-2024-1709, to deploy a web shell on vulnerable servers, granting remote control capabilities. Evidence also suggests active web shells associated with CVE-2019-2725. (Hack Read)
April 22, 2024 – Vulnerabilities
Dependency Confusion Vulnerability Found in Apache Project
The exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers. (Infosecurity Magazine)
April 22, 2024 – Attack
Malicious PyPI Package Attacking Discord Users to Steal Credentials
A malicious PyPI package named "discordpy_bypass-1.7" was detected on March 12, 2024. This package is designed to extract sensitive information from user systems using a blend of persistence techniques, browser data extraction, and token harvesting. (Fortinet)
April 22, 2024 – Phishing
From Water to Wine: An Analysis of WINELOADER
A recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware. (Splunk)
April 22, 2024 – Criminals
Malware Developer Lures Child Exploiters Into Honeytrap to Extort Them
Threat actors created a website to impersonate UsenetClub, a subscription service for "uncensored" access to images and videos downloaded from Usenet. They claimed to provide free access to the site after the installation of a "CryptVPN" software. (Bleeping Computer)
April 22, 2024 – Vulnerabilities
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. (The Hacker News)
April 22, 2024 – Attack
Ukrainian Soldiers’ Apps Increasingly Targeted for Spying, Cyber Agency Warns
The agency is attributing the surge to a group tracked as UAC-0184, which was spotted in February targeting an unnamed Ukrainian entity in Finland. CERT-UA does not attribute UAC-0184’s activity to any specific foreign cyber threat group. (The Record)
April 22, 2024 – Government
UK Cyber Agency NCSC Announces Richard Horne as its Next Chief Executive
The hire marks another coup for the British public sector in poaching talent from the technology industry, particularly at the executive level, following the recruitment of Ollie Whitehouse as the NCSC’s chief technology officer earlier this year. (The Record)
April 22, 2024 – Phishing
Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning
Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.” (The Record)
April 22, 2024 – General
Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks
Threat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises that admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera. (Help Net Security)
April 20, 2024 – Vulnerabilities
CrushFTP Warns Users to Patch Exploited Zero-Day “Immediately”
As the company also explains in a public security advisory published on Friday, this zero-day bug enables unauthenticated attackers to escape the user's virtual file system (VFS) and download system files. (Bleeping Computer)
April 20, 2024 – Vulnerabilities
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
In a briefing at Black Hat Asia, Shmuel Cohen, security researcher at SafeBreach, described how he not only reverse-engineered and cracked into the company's signature Cortex product but also weaponized it to deploy a reverse shell and ransomware. (Dark Reading)
April 20, 2024 – Attack
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
The starting point of the attack is a dropper, which comes in two variants: a regular dropper that's either implemented as an executable or a DLL file, and a tampered installer file for a legitimate tool named Total Commander. (The Hacker News)
April 19, 2024 – Malware
Fake Cheat Lures Gamers Into Spreading Infostealer Malware
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. (Bleeping Computer)
April 19, 2024 – Government
NSA Shares Best Practices for Secure AI Systems
The guidance offers a wide range of best practices, including that organizations adopt a zero trust mindset, actively monitor the AI model’s behavior, and require the primary developer of the AI system to provide a threat model for their system. (Meritalk)
April 19, 2024 – General
Dark Web Sales Driving Major Rise in Credential Attacks
A rise in infostealer malware attacks over the past three years has enabled cybercriminal groups to turn credential stealing into a major money-making business, paving the way for new entrants in the field and sophisticated hacking techniques. (Bank Info Security)
April 19, 2024 – Government
CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations
The guidance document details the latest tactics employed in foreign malign influence operations to shape U.S. policies, decisions, and discourse and could be used to target America’s election infrastructure. (CISA)
April 19, 2024 – General
Trust in Cyber Takes a Knock as CNI Budgets Flatline
Trust in cybersecurity tools has become one of the biggest challenges facing critical national infrastructure (CNI) providers as sophisticated nation-state attacks proliferate, according to a new report from Bridewell. (Infosecurity Magazine)
April 19, 2024 – Government
CISA, FBI, Europol Say Akira Ransomware Raked in $42 Million From Over 250 Victims
According to a joint advisory from the FBI, CISA, Europol's EC3, and the Netherlands' NCSC-NL, the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. (Bleeping Computer)
April 19, 2024 – General
Hacking the Floodgates: US Dams Face Growing Cyber Threats
Could a hacker seize control of America's dams, unleashing floods and chaos across vulnerable communities? Cybersecurity analysts and leading lawmakers warn it's possible. (Bank Info Security)
April 18, 2024 – Solution
US Government and OpenSSF Partner on New SBOM Management Tool
Protobom, the new open source software tool, will help all organizations read and generate SBOMs and file data, as well as translate this data across standard industry SBOM formats. (Infosecurity Magazine)
April 18, 2024 – Criminals
Global Police Operation Disrupts ‘LabHost’ Phishing Service, Over 30 Arrested Worldwide
As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world. (The Hacker News)
April 18, 2024 – General
IT and Security Professionals Demand More Workplace Flexibility
The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. (Help Net Security)
April 18, 2024 – Attack
FIN7 Targets American Automaker’s IT Staff in Phishing Attacks
The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. (Bleeping Computer)
April 18, 2024 – Phishing
Malvertising Campaign Targeting IT Teams with MadMxShell Backdoor
The backdoor uses techniques such as multiple stages of DLL sideloading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively. (Zscaler)
April 18, 2024 – Insider Threat
Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas. (Infosecurity Magazine)
April 18, 2024 – Breach
Russian Sandworm Hackers Pose as Hacktivists in Water Utility Breaches
In a report today, Mandiant says that Sandworm relied on three main hacktivist-branded Telegram channels named XakNet Team, CyberArmyofRussia_Reborn, and Solntsepek, all operating in parallel and independently of one another. (Bleeping Computer)
April 18, 2024 – Botnet
Moldovan Charged for Operating Botnet Used to Push Ransomware
The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States. (Bleeping Computer)
April 18, 2024 – Cryptocurrency
Possible Chinese Hackers Use OpenMetadata for Cryptomining
Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running as workloads on Kubernetes clusters to download cryptomining software, warns Microsoft. (Bank Info Security)
April 18, 2024 – Business
Armis Buys Cyber Remediation Startup Silk Security for $150M
Armis has purchased a security prioritization and remediation vendor led by a Goldman Sachs veteran to more effectively address vulnerabilities and misconfigurations with AI and automation. (Bank Info Security)
April 17, 2024 – Vulnerabilities
Ivanti Warns of Critical Flaws in Its Avalanche MDM Solution
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. (Bleeping Computer)
April 17, 2024 – Attack
Russia is Trying to Sabotage European Railways, Czech Minister Said
Czech transport minister Martin Kupka confirmed that Russia-linked threat actors conducted “thousands of attempts to weaken our systems” since the beginning of the Russian invasion of Ukraine. (Security Affairs)
April 17, 2024 – Attack
Russian Sandworm Group Using Novel Backdoor to Target Eastern and Central Europe
The previously unreported backdoor, dubbed ‘Kapeka’, has a high level of stealth and sophistication, designed to both serve as an early-stage toolkit for its operators, and also to provide long-term access to the victim estate. (Infosecurity Magazine)
April 17, 2024 – Policy and Law
New Bill Would Create a Governing Body for Water System Cyber Standards
A measure led by two House Republicans would enable the Environmental Protection Agency to certify a governing body to develop and recommend cybersecurity requirements for water treatment and wastewater systems. (NextGov)
April 17, 2024 – Vulnerabilities
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The vulnerability (CVE-2023-22518) allows an unauthenticated attacker to reset Confluence and create an administrator account. (The Hacker News)
April 17, 2024 – Vulnerabilities
Several GTKWave Vulnerabilities Fixed in Debian
Recently, the Debian security team fixed several issues in GTKWave, an open-source waveform viewer for VCD files. These vulnerabilities, if exploited, could result in the execution of arbitrary code, posing a significant risk to users. (Tuxcare)
April 17, 2024 – General
T-Mobile, Verizon Workers Get Texts Offering $300 for SIM Swaps
According to many reports, this is part of a campaign targeted at current and former mobile carrier workers who could have access to the systems required to perform a SIM swap. (Bleeping Computer)
April 17, 2024 – Botnet
Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread
Recently, FortiGuard Labs observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt variant. (Fortinet)
April 17, 2024 – Vulnerabilities
Update: Researchers Released Exploit Code for Actively Exploited Palo Alto Networks PAN-OS Bug
Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls. (Security Affairs)
April 17, 2024 – Criminals
BreachForums Down, But Not Out: Hackers Claim Attack, Admins Remain Unfazed
The domain of the notorious BreachForums data leak and hacking forum has been taken down by rival threat actors. The threat actor group, R00TK1T, along with the Cyber Army of Russia, announced a breach of user data following the takedown. (The Cyber Express)
April 16, 2024 – Policy and Law
Top Officials Again Push Back on Ransom Payment Ban
For multiple reasons, the Institute for Security and Technology’s Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday. (Cybersecurity Dive)
April 16, 2024 – Criminals
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). (The Hacker News)
April 16, 2024 – Botnet
Report: Bad Bots Drive 10% Annual Surge in Account Takeover Attacks Full Text
Abstract
Internet traffic associated with malicious bots now accounts for a third (32%) of the total, driving a 10% year-on-year (YoY) increase in account takeover (ATO) attacks last year, according to Imperva.Infosecurity Magazine
April 16, 2024 – Policy and Law
FTC Bans Online Mental Health Firm From Sharing Certain Data Full Text
Abstract
The FTC, in its complaint against Cerebral Inc. and the company's former CEO Kyle Robertson, alleges unfair or deceptive practice violations of the FTC Act and the Opioid Act, which pertains to substance use disorder treatment services.Bank Info Security
April 16, 2024 – Solution
Microsoft will Limit Exchange Online Bulk Emails to Fight Spam Full Text
Abstract
"Exchange Online enforces a Recipient Rate limit of 10,000 recipients. The 2,000 ERR limit will become a sub-limit within this 10,000 Recipient Rate limit," the Exchange Team said on Monday.Bleeping Computer
April 16, 2024 – Vulnerabilities
AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs Full Text
Abstract
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.The Hacker News
April 16, 2024 – Phishing
Report: Microsoft Most Impersonated Brand in Phishing Scams Full Text
Abstract
Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point. Google was the second most impersonated brand in Q1 2024, making up 11% of attempts.Infosecurity Magazine
April 16, 2024 – Attack
Blackjack Group Used ICS Malware Fuxnet Against Russian Targets Full Text
Abstract
The attack chain sees hackers targeting a list of sensor gateway IPs. Threat actors distributed their malware to each target, likely either through remote-access protocols such as SSH or the sensor protocol (SBK) over port 4321.Security Affairs
April 16, 2024 – Policy and Law
Law Firm to Pay $8M to Settle Health Data Hack Lawsuit Full Text
Abstract
Orrick Herrington & Sutcliffe's proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident.Bank Info Security
April 16, 2024 – Attack
New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally Full Text
Abstract
The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.Bleeping Computer
April 15, 2024 – Vulnerabilities
Update: Palo Alto Networks Fixes Zero-Day Exploited to Backdoor Firewalls Full Text
Abstract
This maximum severity security flaw (CVE-2024-3400) affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect (gateway or portal) enabled.Bleeping Computer
April 15, 2024 – General
Cloned Voice Tech Is Coming for Bank Accounts Full Text
Abstract
At many financial institutions, your voice is your password. Tiny variations in pitch, tone and timbre make human voices unique - apparently making them an ideal method for authenticating customers phoning for service.Bank Info Security
April 15, 2024 – Hacker
Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks Full Text
Abstract
The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data.The Hacker News
April 15, 2024 – Government
US Cyber Command Expanded ‘Hunt Forward’ Operations in 2023 Full Text
Abstract
A secretive U.S. cyber military force ramped up global operations in 2023, executing more than double the average number of "hunt forward" campaigns than the previous five years, according to the head of U.S. Cyber Command.Bank Info Security
April 15, 2024 – Malware
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users Full Text
Abstract
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.The Hacker News
April 15, 2024 – Business
Cyderes Acquires Ipseity Security to Enhance IAM Full Text
Abstract
Global cybersecurity services provider Cyderes has acquired Ipseity Security, a Canadian company specializing in identity and access management (IAM). The financial terms of the deal were not disclosed.ChannelE2E
April 15, 2024 – Criminals
European Police Swoop on $685m Cannabis Investment Fraud Gang Full Text
Abstract
JuicyFields operated as a classic Ponzi scheme between 2020 and July 2022, according to Europol. Promising high returns with little to no risk, the scammers simply used money from new investors to pay returns to earlier ones.Infosecurity Magazine
April 15, 2024 – Business
Upstream Security Gets Cisco Investment to Protect Connected Vehicles and Devices Full Text
Abstract
Upstream Security, an Israeli auto cybersecurity startup, said on Wednesday it received an undisclosed investment from Cisco Investments as demand grows for internet-connected vehicles and other devices.Yahoo
April 15, 2024 – Vulnerabilities
Critical Vulnerability in Delinea Secret Server Allows Auth Bypass, Admin Access Full Text
Abstract
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets.Help Net Security
April 15, 2024 – Cryptocurrency
FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques Full Text
Abstract
This campaign’s strategic inclusion of a clipper module alongside FatalRAT hints at a targeted approach towards cryptocurrency users, amplifying data interception capabilities with the addition of a keylogger module.The Cyber Express
April 13, 2024 – Government
CISA Orders Agencies Impacted by Microsoft Hack to Mitigate Risks Full Text
Abstract
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group.Bleeping Computer
April 13, 2024 – Vulnerabilities
Telegram Fixes Windows App Zero-Day Used to Launch Python Scripts Full Text
Abstract
A proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python .pyzw files that bypass security warnings when clicked.Bleeping Computer
April 13, 2024 – Hacker
North Korean Hackers Exploit Two MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse Full Text
Abstract
The first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple's macOS.Dark Reading
April 13, 2024 – Government
FBI Warns of Massive Wave of Road Toll SMS Phishing Attacks Full Text
Abstract
While the mobile phishing campaign has yet to reach some U.S. regions, this can be explained by the fact that complaint information collected so far by IC3 indicates the scam may be moving from state to state.Bleeping Computer
April 12, 2024 – Vulnerabilities
Intel and Lenovo Servers Impacted by 6-Year-Old BMC Flaw Full Text
Abstract
The security issue could lead to the exfiltration of process memory addresses, which could help attackers bypass protection mechanisms like Address Space Layout Randomization (ASLR).Bleeping Computer
April 12, 2024 – Solution
Apple Boosts Spyware Alerts For Mercenary Attacks Full Text
Abstract
Apple has updated its documentation related to its warning system for mercenary spyware threats, now specifying that it alerts users when they may have been individually targeted by such attacks.Infosecurity Magazine
April 12, 2024 – Hacker
DarkBeatC2: The Latest MuddyWater Attack Framework Full Text
Abstract
The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go.Deep Instinct
April 12, 2024 – Vulnerabilities
Microsoft Fixed Two Zero-Day Flaws Exploited in Malware Attacks Full Text
Abstract
Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware payloads on vulnerable systems.Security Affairs
April 12, 2024 – Vulnerabilities
Palo Alto Networks Fixed Multiple DoS Bugs in its Firewalls Full Text
Abstract
Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system, including CVE-2024-3385, CVE-2024-3384, CVE-2024-3382.Security Affairs
April 12, 2024 – Solution
How Exposure Management Elevates Cyber Resilience Full Text
Abstract
Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand assets’ security posture in relation to the network.Help Net Security
April 11, 2024 – Vulnerabilities
X Fixes URL Blunder That Could Enable Social Media Phishing Full Text
Abstract
Users started noticing on Monday that X's programmers implemented a rule on its iOS app that auto-changed Twitter.com links that appeared in Xeets (tweets) to X.com links.The Register
April 11, 2024 – Vulnerabilities
New Spectre v2 Attack Impacts Linux Systems Running on Intel CPUs Full Text
Abstract
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.Bleeping Computer
April 11, 2024 – Attack
Rhadamanthys Malware Deployed By TA547 Against German Targets Full Text
Abstract
What’s particularly intriguing according to the researchers is the actor’s apparent employment of a PowerShell script likely generated by large language models (LLMs) such as ChatGPT, Gemini or CoPilot.Infosecurity Magazine
April 11, 2024 – General
UK’s Attitude to Security Spotlit by Government Figures Full Text
Abstract
The report from the Department for Science, Innovation and Technology (DSIT), painted security as more of an afterthought for UK businesses, especially when considering the figures about how breaches are handled.The Register
April 11, 2024 – General
CISO Role Shows Significant Gains Amid Corporate Recognition of Cyber Risk Full Text
Abstract
CISOs and other management-level cybersecurity executives are gaining more influence and importance as companies have begun to recognize the need for strong cyber governance and oversight, according to a report from Moody’s Ratings.Cybersecurity Dive
April 11, 2024 – Solution
New Google Workspace Feature Prevents Sensitive Security Changes if Two Admins Don’t Approve Them Full Text
Abstract
If the feature is enabled, certain sensitive admin actions can be taken only if approved by an admin who did not initiate them, thus, in theory, preventing accidental or unauthorized changes made by either malicious insiders or outsiders.Help Net Security
April 11, 2024 – Business
Wiz Buys Startup Gem Security for $350M to Spot Cloud Issues Full Text
Abstract
Wiz purchased a cloud detection and response startup founded by a longtime Israeli Military Intelligence leader to address security operations and incident response use cases.Bank Info Security
April 11, 2024 – Attack
New Technique Detected in an Open Source Supply Chain Attack Full Text
Abstract
Attackers create malicious GitHub repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.Checkmarx
April 11, 2024 – Business
AI Data Security Startup Cyera Confirms $300M Raise at a $1.4B Valuation Full Text
Abstract
The lead investor for the Series C funding is Coatue, which is new to the startup’s cap table. Other new investors include Spark Capital, Georgian, and strategic backer AT&T Ventures.TechCrunch
April 11, 2024 – Vulnerabilities
Rust Addresses Critical Vulnerability on Windows Full Text
Abstract
The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.The Register
April 10, 2024 – Attack
New Threat Actor Starry Addax Targets Human Rights Defenders in North Africa Full Text
Abstract
According to Cisco’s Talos threat research team, Starry Addax has been active since January 2024, orchestrating spear-phishing campaigns aimed at individuals sympathetic to the Sahrawi Arab Democratic Republic (SADR) cause.Cybersecurity Help
April 10, 2024 – Malware
Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection Full Text
Abstract
These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data loss prevention, and SIEMs, by hiding downloads as less suspicious access and sync events.Varonis
April 10, 2024 – Cryptocurrency
Research Unearths RUBYCARP’s Multi-Miner Assault on Crypto Full Text
Abstract
One of the key findings from the technical write-up, published by Sysdig today, is the group’s use of a script capable of simultaneously deploying multiple cryptocurrency miners.Infosecurity Magazine
April 10, 2024 – Attack
Researchers Discover New Ransomware Gang ‘Muliaka’ Attacking Russian Businesses Full Text
Abstract
The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka,” or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at least December 2023.The Record
April 10, 2024 – Vulnerabilities
91,000 Smart LG TV Devices Vulnerable to Remote Takeover Full Text
Abstract
Cybersecurity researchers from Bitdefender discovered critical vulnerabilities in LG TVs running webOS versions 4 through 7. These vulnerabilities could allow attackers to gain complete control over the TV, steal data, or install malware.Hack Read
April 10, 2024 – Vulnerabilities
Novel Ahoi Attacks Could Compromise Confidential VMs Full Text
Abstract
The researchers presented two variations of what they call Ahoi attacks. One of them, dubbed Heckler, involves a malicious hypervisor injecting interrupts to alter data and control flow, breaking the integrity and confidentiality of CVMs.SC Magazine
April 10, 2024 – APT
Vedalia APT Group Exploits Oversized LNK Files in Malware Campaign Full Text
Abstract
The Vedalia APT group has ingeniously utilized LNK files with double extensions, effectively masking the malicious .lnk extension. This tactic deceives users into believing the files are harmless, increasing the likelihood of execution.Broadcom
April 9, 2024 – Phishing
Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region Full Text
Abstract
The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice. The email header has an email address format that uses the domain ‘temporary[.]link’.Trustwave
April 9, 2024 – Phishing
Microsoft Two-Step Phishing Campaign Targets LinkedIn Users Full Text
Abstract
A new LinkedIn threat combines breached users’ accounts and an evasive 2-step phishing attack. A recent Python-based infostealer called Snake targets Facebook users with malicious messages.Perception Point
April 9, 2024 – Government
US Health Department Warns Hospitals of Hackers Targeting IT Help Desks Full Text
Abstract
The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.Bleeping Computer
April 9, 2024 – Attack
Hackers Deploy Crypto Drainers on Thousands of WordPress Sites Full Text
Abstract
According to cybersecurity researcher MalwareHunterTeam, the threat actors have now begun monetizing the pool of compromised WordPress sites to display pop-ups promoting fake NFT offers and crypto discounts.Bleeping Computer
April 9, 2024 – Vulnerabilities
Patches for CVE-2024-1086 for CloudLinux 6h, 7 Users on KernelCare Live Full Text
Abstract
The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users. A patch has already been released for CloudLinux 6h and CloudLinux 7, and users can manually update without a live patch.Tuxcare
April 9, 2024 – Criminals
Cybercriminal Adoption of Browser Fingerprinting Full Text
Abstract
Numerous pieces of data can be collected as a part of fingerprinting, including Time zone, Language settings, IP address, Cookie settings, Screen resolution, Browser privacy, and User-agent string.Help Net Security
April 9, 2024 – Malware
Automating Pikabot’s String Deobfuscation Full Text
Abstract
Previous versions of Pikabot used advanced string encryption techniques, which have been replaced with simpler algorithms. Previously, the strings were encrypted using a combination of AES-CBC and RC4 algorithms.Zscaler
April 9, 2024 – Phishing
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins Full Text
Abstract
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.Fortinet
April 9, 2024 – General
Malware-Initiated Vulnerability Scanning is on the Rise Full Text
Abstract
Threat actors have been using scanning methods to pinpoint vulnerabilities in networks or systems for a very long time. Some scanning attacks originate from benign networks likely driven by malware on infected machines.Palo Alto Networks
April 8, 2024 – Attack
Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions Full Text
Abstract
The threat actor behind the fake e-shop campaign leverages tools such as the open-source string obfuscator “Paranoid” and the Janus WebRTC module, showcasing a deep understanding of technological intricacies to evade detection and amplify impact.The Cyber Express
April 8, 2024 – Breach
Hotel Check-In Terminal Leaks Rafts of Guests’ Room Codes Full Text
Abstract
Martin Schobert at Swiss security firm Pentagrid discovered that an attacker could input a series of six consecutive dashes (------) in place of a booking reference number and the terminal would return an extensive list of room details.The Register
April 8, 2024 – Malware
Fake Facebook MidJourney AI Page Promoted Malware to 1.2 Million People Full Text
Abstract
Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.Bleeping Computer
April 8, 2024 – Policy and Law
Google Sues Crypto Investment App Makers Over Alleged Massive “Pig Butchering” Scam Full Text
Abstract
Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.Bitdefender
April 8, 2024 – Malware
Hackers can Use AI Hallucinations to Spread Malware Full Text
Abstract
One security researcher investigating AI-hallucinated libraries said late last month that he found chatbots calling for a nonexistent Python package dubbed "huggingface-cli."Healthcare Info Security
April 8, 2024 – Vulnerabilities
Over 92,000 Internet-Facing D-Link NAS Devices can be Easily Hacked Full Text
Abstract
A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link NAS device models.Security Affairs
April 8, 2024 – Government
US Chamber of Commerce, Industry Groups Call for 30-Day Delay in CIRCIA Rules Full Text
Abstract
The U.S. Chamber of Commerce and multiple industry leaders are calling for a month-long extension of the 60-day comment period for a new incident reporting rule being issued by the top cybersecurity agency in the U.S.The Record
April 8, 2024 – Business
Permiso Secures $18.5 Million in Series A Funding to Fortify Cloud Identity Security Landscape Full Text
Abstract
According to Silicon Angle, this significant injection of capital is spearheaded by Altimeter Capital Management LP, with notable participation from Point72 Ventures LLC, marking a new milestone for the company founded in 2020.Fintech
April 8, 2024 – Attack
UK: Police Launch Inquiry After MPs Targeted in Apparent ‘Spear-Phishing’ Attack Full Text
Abstract
A police investigation has been launched after MPs were apparently targeted in a “spear-phishing” attack, in what security experts believe could be an attempt to compromise the UK Parliament.The Guardian
April 8, 2024 – Vulnerabilities
Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft Full Text
Abstract
Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.Infosecurity Magazine
April 6, 2024 – Phishing
Phishing Attacks Targeting Political Parties, Germany Warns Full Text
Abstract
"An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents," a BSI spokesperson told Information Security Media Group.Healthcare Info Security
April 6, 2024 – Criminals
New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame Full Text
Abstract
Cybersecurity researchers at Netenrich have uncovered a new ransomware group called Red Ransomware Group (Red CryptoApp). This group operates differently from typical ransomware outfits, adding a twist to their extortion tactics.Hack Read
April 6, 2024 – Denial Of Service
New HTTP/2 DoS Attack can Crash Web Servers with a Single TCP Connection Full Text
Abstract
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.Bleeping Computer
April 6, 2024 – Hacker
Vietnamese Threat Actor Targeting Financial Data Across Asia Full Text
Abstract
Vietnamese financially motivated hackers are targeting businesses across Asia in a campaign to harvest corporate credentials and financial data for resale in online criminal markets.Gov Infosecurity
April 6, 2024 – Malware
New Latrodectus Malware Replaces IcedID in Network Breaches Full Text
Abstract
While similar to IcedID, Proofpoint researchers confirmed it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations.Bleeping Computer
April 6, 2024 – Malware
Visa Warns of New JSOutProx Malware Variant Targeting Financial Organizations Full Text
Abstract
First encountered in December 2019, JsOutProx is a RAT and highly obfuscated JavaScript backdoor that allows its operators to run shell commands, download additional payloads, execute files, capture screenshots, establish persistence, and more.Bleeping Computer
April 5, 2024 – Malware
Bing Ad for NordVPN Leads to SecTopRAT Full Text
Abstract
A very recent malvertising campaign was found impersonating the popular VPN software NordVPN. A malicious advertiser is capturing traffic from Bing searches and redirecting users to a decoy site that looks almost identical to the real one.Malwarebytes
April 5, 2024 – Phishing
Fake Lawsuit Threat Exposes Privnote Phishing Sites Full Text
Abstract
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company.Krebs on Security
April 5, 2024 – Malware
Byakugan – The Malware Behind a Phishing Attack Full Text
Abstract
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.Fortinet
April 5, 2024 – Vulnerabilities
Critical Flaw in LayerSlider WordPress Plugin Impacts One Million Sites Full Text
Abstract
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.Bleeping Computer
April 4, 2024 – Breach
Scrut Automation Secures $10 Million in Growth Capital Full Text
Abstract
Scrut Automation, a GRC platform provider, has announced today that it secured $10 million in growth capital from its existing investors, including Lightspeed, MassMutual Ventures, and Endiya Partners.Ciol
April 4, 2024 – Attack
New SEXi Ransomware Gang Targets VMware ESXi Servers Full Text
Abstract
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.Bleeping Computer
April 4, 2024 – Phishing
Targeted Phishing Linked to ‘The Com’ Surges in the US, the UK, and Canada Full Text
Abstract
A persistent social engineering threat faced by enterprises involves attackers trying to obtain login credentials for identity and access management (IAM), cloud resources, or single sign-on (SSO)-enabled systems.Intel 471
April 4, 2024 – General
Report: 73% Brace for Cybersecurity Impact on Business in the Next Year or Two Full Text
Abstract
Only 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco. The readiness is down from one year ago, when 15% of companies were ranked mature.Help Net Security
April 4, 2024 – Breach
Microsoft Exchange State-Linked Hack Entirely Preventable, Cyber Review Board Finds Full Text
Abstract
The China-affiliated threat actor Microsoft identified as Storm-0558 compromised the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals in the attacks, which began in May 2023.Cybersecurity Dive
April 4, 2024 – Malware
Distinctive Campaign Evolution of Pikabot Malware Full Text
Abstract
PikaBot, along with other malicious loaders like QBot and DarkGate, heavily depends on spam campaigns for distribution. Its initial access strategies are intricately crafted, utilizing geographically targeted spam emails for specific countries.McAfee
April 4, 2024 – Malware
Magento Shoplift Malware Targets Both WordPress and Magento CMS on E-Commerce Sites Full Text
Abstract
While it pretends to be a Google Analytics script, this is merely a distraction from the true nature of the credit card skimming JavaScript code snippet embedded in the infected website.Sucuri
April 4, 2024 – Criminals
Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption Full Text
Abstract
Contrary to what the group themselves have stated, activities observed post-disruption would indicate that Operation Cronos has a significant impact on the group’s activities.Trend Micro
April 4, 2024 – Vulnerabilities
Google Fixed Another Chrome Zero-Day Exploited at Pwn2Own Full Text
Abstract
The vulnerability CVE-2024-3159 is an out-of-bounds memory access in the V8 JavaScript engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024.Security Affairs
April 2, 2024 – Education
How to Design and Deliver an Effective Cybersecurity Exercise Full Text
Abstract
Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises.Help Net Security
April 2, 2024 – Government
FCC to Probe ‘Grave’ Weaknesses in Phone Network Infrastructure Full Text
Abstract
The Federal Communications Commission (FCC) says it is taking action to address significant weaknesses in telecommunications networks that can enable cybercrime and spying.The Record
April 2, 2024 – General
Losses Linked to Impersonation Scams Top $1 Billion Yearly, FTC Says Full Text
Abstract
A classic type of fraud — when a crook impersonates a business or a government agency — appears to be bigger than ever, according to federal statistics, and it’s now most likely to begin via text message or email instead of a phone call.The Record
April 2, 2024 – General
Escalating Malware Tactics Drive Global Cybercrime Epidemic Full Text
Abstract
Evasive, basic, and encrypted malware all increased in Q4 2023, fueling a rise in total malware, according to WatchGuard. The average number of malware detections rose 80% from the previous quarter.Help Net Security
April 2, 2024 – Insider Threat
OWASP Discloses a Data Breach Due to Wiki Misconfiguration Full Text
Abstract
In late February 2024, the Foundation received a few support requests and became aware of a misconfiguration of OWASP’s old Wiki web server. The misconfiguration led to a data breach involving old member resumes.Security Affairs
April 2, 2024 – Government
Vulnerability Database Backlog Due to Increased Volume, Changes in ‘Support,’ NIST Says Full Text
Abstract
The National Institute of Standards and Technology (NIST) blamed increases in the volume of software and “a change in interagency support” for the recent backlog of vulnerabilities analyzed in the organization’s National Vulnerability Database (NVD).The Record
April 2, 2024 – Malware
Vultur Banking Malware for Android Poses as McAfee Security App Full Text
Abstract
Fox-IT warned that a new, evasive version of Vultur spreads to victims through a hybrid attack that relies on SMS phishing and phone calls that trick the targets into installing a version of the malware that masquerades as the McAfee Security app.Bleeping Computer
April 2, 2024 – Breach
Data Leak at Shopping Platform PandaBuy Impacts 1.3 Million Users Full Text
Abstract
"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor named 'Sanggiero' said.Bleeping Computer
April 2, 2024 – General
Advanced Cybersecurity Strategies Boost Shareholder Returns Full Text
Abstract
Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight.Help Net Security
April 2, 2024 – Breach
Update: Prudential Insurance Says Data of 36,000 Exposed During February Cyberattack Full Text
Abstract
“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024, and removed a small percentage of personal information from our systems,” the breach notification letters said.The Record
April 1, 2024 – Malware
DinodasRAT Malware Targets Linux Servers in Espionage Campaign Full Text
Abstract
When executed, the Linux variant of DinodasRAT creates a hidden file in the directory where its binary resides, which acts as a mutex to prevent multiple instances from running on the infected device.Bleeping Computer
April 1, 2024 – Government
OMB Issues First Governmentwide AI Risk Mitigation Rules Full Text
Abstract
U.S. federal agencies have until December to implement a series of safeguards that aim to ensure the government is responsibly using artificial intelligence, the White House ordered Thursday.
Gov Info Security
April 1, 2024 – Breach
Activision Recommends Users Enable 2FA to Secure Accounts Recently Stolen by Malware Full Text
Abstract
An infostealer malware campaign has apparently collected millions of logins from users of various gaming websites, including players that use cheats and pay-to-cheat services.
Bleeping Computer
April 1, 2024 – Policy and Law
British Nuclear Site Sellafield to be Prosecuted for Cybersecurity Failures Full Text
Abstract
The UK's independent nuclear safety regulator has announced that it will be prosecuting the company managing the Sellafield nuclear site over “alleged information technology security offenses during a four year period between 2019 and early 2023.”
The Record
April 1, 2024 – Breach
Israeli LGBTQ Dating App Atraf Faces Data Leak, 700,000 Users Affected Full Text
Abstract
Atraf, a popular Israeli LGBTQ dating app, has suffered a major data breach exposing the personal information of over half a million users. Leaked data includes cleartext passwords and payment card data.
Hack Read
April 1, 2024 – General
Report: 17 Billion Personal Records Exposed in Data Breaches in 2023 Full Text
Abstract
Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report.
Infosecurity Magazine
April 1, 2024 – Policy and Law
KuCoin Charged with AML Violations That Let Cybercriminals Launder Billions Full Text
Abstract
In an indictment, the Department of Justice claimed that KuCoin knowingly allowed U.S.-based users to trade on its platform while fulfilling none of its AML obligations, as defined by U.S. laws and regulations.
Bleeping Computer
April 1, 2024 – Government
Pentagon Lays Out Strategy to Improve Defense Industrial Base Cybersecurity Full Text
Abstract
The strategy, which covers fiscal years 2024 through 2027, lays out four topline goals, such as improving best practices within the industrial base. Each goal contains a subset of objectives, such as being able to recover from a cyberattack.
The Record
April 1, 2024 – Government
NIST Unveils New Consortium to Operate the NVD Full Text
Abstract
It’s now official: the US National Institute of Standards and Technology (NIST) will hand over some aspects of the management of the world’s most widely used software vulnerability repository to an industry consortium.
Infosecurity Magazine
April 1, 2024 – Malware
Researchers Dissect Infostealer Malware Targeting macOS Users Full Text
Abstract
The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday.
JAMF