August, 2024
August 31, 2024 – Malware
Rocinante: The Trojan Horse That Wanted to Fly
Abstract
Once installed, the Rocinante malware prompts the victim to grant Accessibility Services and displays phishing screens tailored to different banks to steal personal information. Source: Threat Fabric
August 31, 2024 – Attack
New Snake Keylogger Variant Slithers Into Phishing Campaigns
Abstract
The attack starts with a phishing email disguised as a fund transfer notification, with an attached Excel file named “swift copy.xls” that triggers the deployment of Snake Keylogger on the victim's computer upon opening. Source: Security Online
August 31, 2024 – Breach
FBI: RansomHub Ransomware Breached 210 Victims Since February 2024
Abstract
The ransomware operation focuses on data theft extortion rather than encrypting files, with victims facing the threat of stolen data being leaked or sold if negotiations fail. Source: Bleeping Computer
August 31, 2024 – APT
Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled
Abstract
The QiAnXin Threat Intelligence Center has revealed the details of "Operation DevilTiger," a cyber espionage campaign carried out by the elusive APT-Q-12 group, also known as "Pseudo Hunter." Source: Security Online
August 31, 2024 – Attack
Suspected Espionage Campaign Delivers New Voldemort Malware
Abstract
The campaign, which targeted organizations worldwide, involved impersonating tax authorities from various countries and utilizing Google Sheets for command and control (C2). Source: Proof Point
August 31, 2024 – Malware
Godzilla Fileless Backdoors Targeting Atlassian Confluence
Abstract
The Godzilla fileless backdoor relies on a complex series of actions, such as cryptographic operations, class loading, and dynamic injection, to establish unauthorized access. Source: Trend Micro
August 30, 2024 – Government
US Offers $2.5 Million Reward for Hacker Linked to Angler Exploit Kit
Abstract
The U.S. Department of State and the Secret Service are offering a reward of $2.5 million for information leading to the capture of Belarusian cybercriminal Volodymyr Kadariya, who is linked to the Angler Exploit Kit. Source: Bleeping Computer
August 30, 2024 – Criminals
Cybercriminals Capitalize on Travel Industry’s Peak Season
Abstract
Cequence Security found that cyberattacks against the travel industry surge during holidays, with 91% of severe vulnerabilities in the top 10 travel and hospitality sites enabling man-in-the-middle attacks. Source: Help Net Security
August 30, 2024 – Encryption
‘Store Now, Decrypt Later’: US Leaders Prep for Quantum Cryptography Concerns
Abstract
U.S. cybersecurity leaders are focusing on preparing for the potential risks posed by quantum cryptography tools that could threaten critical infrastructure and national security. Source: The Record
August 30, 2024 – Insider Threat
Employee Arrested for Locking Windows Admins Out of 254 Servers in Extortion Plot
Abstract
The FBI investigation revealed that the suspect, Daniel Rhyne, had accessed the company's systems without authorization and changed passwords for various accounts. Rhyne's actions were intended to deny the company access to its systems and data. Source: Bleeping Computer
August 29, 2024 – Vulnerabilities
Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)
Abstract
The flaw, known as CVE-2024-6633, involves the use of default credentials for the HSQL database, which could compromise the software's confidentiality, integrity, and availability. Source: Help Net Security
August 29, 2024 – Criminals
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Abstract
The Pioneer Kitten attackers are monetizing their access to compromised organizations' networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces. Source: CISA
August 29, 2024 – Hacker
Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks
Abstract
The threat group known as Bling Libra, previously linked to the Ticketmaster data breach, has shifted to the double extortion strategy in cloud attacks, according to researchers at Palo Alto Networks' Unit 42. Source: Dark Reading
August 29, 2024 – Breach
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
Abstract
Flowise, a popular low-code tool backed by Y Combinator, was particularly at risk due to an authentication bypass vulnerability that allowed access to sensitive information such as GitHub tokens and API keys in plaintext. Source: Dark Reading
August 29, 2024 – Vulnerabilities
AWS Load Balancer Plagued by Authentication Bypass Flaw
Abstract
Miggo has uncovered a security flaw in AWS Load Balancer that could allow cybercriminals to bypass authentication and authorization services, potentially affecting over 15,000 applications. Source: Security Boulevard
August 29, 2024 – Government
CISA Adds Google Chromium V8 Bug to its Known Exploited Vulnerabilities Catalog
Abstract
Google released a security update this week to address the actively exploited Chrome zero-day vulnerability. The vulnerability, CVE-2024-7965, is an inappropriate implementation issue in Chrome's V8 JavaScript engine. Source: Security Affairs
August 29, 2024 – Phishing
New Unicode QR Code Phishing Scam Bypasses Traditional Security
Abstract
Cybercriminals are using Unicode QR codes in a new type of phishing attack that can bypass traditional security measures, putting users at risk of visiting malicious websites and having their data stolen. Source: HackRead
August 29, 2024 – Hacker
Researchers Unmasked the Notorious Threat Actor USDoD
Abstract
CrowdStrike researchers have uncovered the identity of the hacker USDoD, also known as EquationCorp, responsible for multiple high-profile data breaches. According to a report from TecMundo, USDoD is a man named Luan BG from Brazil. Source: Security Affairs
August 28, 2024 – Ransomware
BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks
Abstract
The latest encryptor variant identified by researchers at Cisco Talos appends the file extension ‘blackbytent_h’ to encrypted files. This variant also includes the deployment of four vulnerable drivers, an increase from previous reports. Source: Talos Intelligence
August 28, 2024 – Phishing
Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign
Abstract
A new QR code phishing campaign is using Microsoft Sway to steal credentials. The attacks primarily target users in Asia and North America, particularly in the technology, manufacturing, and finance sectors. Source: Dark Reading
August 27, 2024 – General
Report: A Third of Organizations Suffer SaaS Data Breaches Last Year
Abstract
According to AppOmni, one-third of organizations experienced SaaS data breaches last year due to a lack of visibility and control, as revealed by a survey of 644 enterprises globally. Source: Infosecurity Magazine
August 27, 2024 – Ransomware
Lateral Movement: Clearest Sign of Unfolding Ransomware Attack
Abstract
Lateral movement is a key indicator of ransomware attacks, with 44% of attacks being spotted during this phase, as reported by Barracuda Networks. Additionally, file modifications and off-pattern behavior were also significant triggers for detection. Source: Help Net Security
August 27, 2024 – Attack
New Cheana Stealer Threat Targets VPN Users Across Multiple Operating Systems
Abstract
This campaign is notable for its malicious apps for Windows, Linux, and macOS users. The attackers have created different versions of Cheana Stealer for each OS to widen their attack surface. Source: The Cyber Express
August 27, 2024 – Attack
India’s Critical Infrastructure Suffers Spike in Cyberattacks
Abstract
India is experiencing a rise in cyberattacks on its critical infrastructure, particularly in the financial and government sectors, prompting the Reserve Bank of India to issue warnings about the need for enhanced cybersecurity measures. Source: Dark Reading
August 27, 2024 – Vulnerabilities
Google Tags a Tenth Chrome Zero-Day as Exploited This Year
Abstract
The vulnerability, tracked as CVE-2024-7965 and reported by a security researcher known as TheDog, involved a bug in the compiler backend that could allow remote attackers to exploit heap corruption through a crafted HTML page. Source: Bleeping Computer
August 27, 2024 – General
Top Universities to Battle in Cybersecurity at UNSW’s Upcoming Australian Cybersecurity Games
Abstract
Top universities in Australia will compete in the Australian Cybersecurity Games at UNSW from September 2-30, 2024. This event, organized by SECedu, features cybersecurity experts collaborating with leading universities like UNSW. Source: The Cyber Express
August 27, 2024 – Vulnerabilities
SonicWall Patches Critical Flaw Affecting its Firewalls (CVE-2024-40766)
Abstract
SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices. Source: Help Net Security
August 27, 2024 – Education
Two Strategies to Protect Your Business From the Next Large-Scale Tech Failure
Abstract
Diversifying suppliers and systems can help minimize risks, as shown by corporations that purchase networking equipment from multiple vendors to prevent total network failure in case of vendor issues. Source: Help Net Security
August 27, 2024 – Ransomware
PythonAnywhere Cloud Platform Abused for Hosting Ransomware
Abstract
Researchers found that attackers are leveraging the PythonAnywhere cloud platform to discreetly host and distribute malicious files for the Razr ransomware. The ransomware generates a unique machine ID, encryption key, and IV to begin operations. Source: HackRead
August 27, 2024 – General
In a Kyiv Hangar, Ukraine Launches a Cyber Range for Everyone
Abstract
The project is led by Ukrainian cyber entrepreneur Yehor Aushev and is unique in that it is free and open to a wide range of citizens, including students, researchers, and state officials. Source: The Record
August 24, 2024 – Government
NSA Issues Guidance for Better Logging, Threat Detection to Prevent LotL Incidents
Abstract
The NSA has released guidelines to improve logging and threat detection for Living-off-the-Land (LotL) attacks in cloud services, enterprise networks, mobile devices, and OT networks as part of a global effort for critical infrastructure security. Source: Dark Reading
August 24, 2024 – Government
CISA Adds Dahua IP Camera, Linux Kernel, and Microsoft Exchange Server Bugs to its KEV Catalog
Abstract
CISA has added new vulnerabilities to its Known Exploited Vulnerabilities catalog, including Dahua IP Camera authentication bypass flaws, a Linux Kernel buffer overflow issue, and a Microsoft Exchange Server vulnerability. Source: Security Affairs
August 24, 2024 – General
Liverpool Fans Lose Big in Premier League Ticket Scams
Abstract
Liverpool fans have suffered the most in Premier League ticket scams for the 2023/24 season, losing over £17,000 (~$22,460) to criminals, as revealed by a report from NatWest Bank. Arsenal supporters were also hit hard, losing £12,000 (~$15,855). Source: Infosecurity Magazine
August 24, 2024 – Criminals
Greasy Opal’s CAPTCHA Solver Still Serving Cybercrime After 16 Years
Abstract
Greasy Opal, a well-known developer, has been aiding cybercriminals for 16 years by offering a tool that can solve CAPTCHAs automatically on a large scale, bypassing security measures. Source: Bleeping Computer
August 24, 2024 – Vulnerabilities
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities
Abstract
The urgent security update, Microsoft Edge Stable Channel Version 128.0.2739.42, based on Chromium versions 128.0.6613.85 and 128.0.6613.84, addresses a total of 25 security issues. Source: Security Online
August 24, 2024 – Vulnerabilities
Slack Patches AI Bug That Exposed Private Channels
Abstract
Slack fixed a vulnerability in its AI feature that could allow attackers to steal data from private channels. The issue was a prompt injection flaw in the AI feature, which allowed attackers to manipulate the system into performing malicious actions. Source: Dark Reading
August 24, 2024 – APT
China-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus Switches
Abstract
The China-linked APT group Velvet Ant exploited a zero-day vulnerability in Cisco switches, CVE-2024-20399, to take control of network devices. The flaw in Cisco NX-OS Software's CLI enabled attackers with Admin credentials to run arbitrary commands. Source: Security Affairs
August 24, 2024 – General
Security Flaws in UK Political Party Donation Platforms Exposed
Abstract
DataDome researchers found that major UK political parties lack critical security features to protect against bot and credential stuffing attacks on their donation platforms. Source: Infosecurity Magazine
August 24, 2024 – Attack
Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons
Abstract
Hackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows. Source: Bleeping Computer
August 24, 2024 – Vulnerabilities
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk
Abstract
This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July. Source: Security Online
August 22, 2024 – Vulnerabilities
Ingress-NGINX Annotation Validation Bypass Flaw (CVE-2024-7646) Allows Command Injection
Abstract
The vulnerability allows attackers to inject malicious content into annotations, leading to arbitrary command injection and potential access to controller credentials, enabling full access to cluster secrets. Source: Armo
August 22, 2024 – Vulnerabilities
Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year
Abstract
Google released an emergency security update to fix the ninth zero-day vulnerability exploited in attacks this year. The vulnerability, known as CVE-2024-7971, involves a type confusion weakness in Chrome's V8 JavaScript engine. Source: Bleeping Computer
August 22, 2024 – Vulnerabilities
Critical Flaw in LiteSpeed Cache Plugin Actively Exploited: Over 30,000 Attacks Blocked in 24 Hours
Abstract
The widely used LiteSpeed Cache plugin for WordPress is being actively exploited through a critical security vulnerability, CVE-2024-28000, with over 30,000 attack attempts blocked in just 24 hours. Source: Security Online
August 22, 2024 – Denial Of Service
MegaMedusa, RipperSec’s Public Web DDoS Attack Tool
Abstract
RipperSec, a pro-Palestinian hacktivist group based in Malaysia, has released MegaMedusa, a publicly available Web DDoS attack tool that simplifies launching large-scale DDoS attacks. Source: Radware
August 21, 2024 – Vulnerabilities
Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities
Abstract
Canonical has released security fixes for multiple OpenJDK 8 vulnerabilities that could result in denial of service, information disclosure, or arbitrary code execution on certain Ubuntu releases. Source: TuxCare
August 21, 2024 – Phishing
Novel Phishing Method Used in Android and iOS Financial Fraud Campaigns
Abstract
This method was first disclosed by CSIRT KNF in Poland in July 2023 and later observed in Czechia by ESET analysts. Similar campaigns were also observed targeting banks in Hungary and Georgia. Source: Infosecurity Magazine
August 21, 2024 – Vulnerabilities
Critical Remote Code Execution Vulnerability Addressed in GiveWP Plugin
Abstract
The vulnerability, identified as CVE-2024-5932, arises from inadequate validation of user-provided serialized data, allowing attackers to inject harmful PHP objects through the give_title parameter. Source: The Cyber Express
August 21, 2024 – Attack
TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Abstract
Iran-linked TA453 targeted a religious figure with a fake podcast interview invitation, attempting to deliver the BlackSmith malware toolkit. The initial lure involved an email leading to a malicious link containing the AnvilEcho PowerShell trojan. Source: Proof Point
August 21, 2024 – Vulnerabilities
Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)
Abstract
The vulnerability stems from how Outlook handles hyperlink objects in image tags in emails, enabling attackers to exploit a composite moniker to trigger remote code execution. Source: Security Online
August 21, 2024 – Vulnerabilities
TLS Bootstrap Attack on Azure Kubernetes Services can Leak Sensitive Credentials
Abstract
A new threat known as "WireServing" has been identified in Azure Kubernetes Services (AKS) by Mandiant. This vulnerability could have allowed attackers to escalate privileges and access sensitive credentials within compromised clusters.
August 21, 2024 – Vulnerabilities
Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published
Abstract
CVE-2024-7272 is a critical heap overflow vulnerability found in FFmpeg, the popular multimedia framework. The vulnerability affects versions up to 5.1.5 and has a CVSS score of 8.8. Source: Security Online
August 21, 2024 – Attack
New Msupedge Backdoor Targeting Taiwan Employs Stealthy Communications
Abstract
Hackers have been using a PHP vulnerability to deploy a stealthy backdoor called Msupedge. This backdoor was recently used in a cyberattack against an unnamed university in Taiwan. Source: Symantec
August 21, 2024 – Vulnerabilities
RCE Vulnerability in Atlassian Bamboo Data Center and Server
Abstract
This flaw, present in versions 9.1.0 through 9.6.0, allows authenticated attackers to execute arbitrary code within the Bamboo environment, posing risks to confidentiality, integrity, and availability. Source: Security Online
August 21, 2024 – Vulnerabilities
Spring Security Flaw Leaves Applications Open to Unauthorized Access
Abstract
A high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1. Source: Security Online
August 19, 2024 – Disinformation
Azure Domains and Google Abused to Spread Disinformation and Malware
Abstract
Azure domains and Google have been exploited to spread disinformation and malware in a sophisticated campaign that involves using several Microsoft Azure and OVH cloud subdomains along with Google search notifications. Source: Bleeping Computer
August 19, 2024 – Breach
Crypto Firm Says Hacker Locked All Employees Out of Google Products for Four Days
Abstract
A cryptocurrency company reported to the SEC that a hacker breached its systems on August 9, 2024, locking all employees out of Google products for four days by changing the passwords on their G-Suite accounts. Source: The Record
August 19, 2024 – Criminals
Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft
Abstract
A new cybercrime group named Mad Liberator has been identified by the Sophos X-Ops Incident Response team for targeting AnyDesk users. This ransomware group is using a fake Microsoft Windows update screen to hide their data exfiltration activities. Source: Bleeping Computer
August 19, 2024 – Vulnerabilities
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
Abstract
Cymulate's proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains. Source: Dark Reading
August 19, 2024 – Criminals
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
Abstract
Researchers have uncovered new infrastructure connected to the financially motivated threat actor FIN7. The analysis reveals communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd in Russia and SmartApe in Estonia. Source: The Hacker News
August 19, 2024 – Attack
Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT
Abstract
Microsoft has patched a zero-day vulnerability, known as CVE-2024-38193, that was being exploited by the North Korea-linked Lazarus APT group. This vulnerability is a privilege escalation issue in the Windows Ancillary Function Driver for WinSock. Source: Security Affairs
August 19, 2024 – Breach
Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data
Abstract
Thousands of Oracle NetSuite e-commerce sites are at risk of exposing sensitive customer data due to a widespread misconfiguration in the SuiteCommerce enterprise resource planning (ERP) platform. Source: Dark Reading
August 17, 2024 – Vulnerabilities
Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk
Abstract
Google Pixel devices shipped globally since September 2017 were found to contain a pre-installed app called Showcase.apk, leaving them vulnerable to potential attacks and malware infections. Source: The Hacker News
August 17, 2024 – Attack
Dozens of Google Products Targeted by Scammers via Malicious Search Ads
Abstract
Scammers have been targeting dozens of Google products through malicious search ads. They impersonated Google's product line and used Looker Studio to lock up Windows and Mac users' browsers. Source: Malware Bytes
August 17, 2024 – Attack
A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers
Abstract
The malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners. Source: Fortinet
August 17, 2024 – Education
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities - Check Point Research
Abstract
Server-Side Template Injection (SSTI) vulnerabilities are a growing concern in web applications, allowing attackers to inject malicious code into templates and gain control over servers. Source: Check Point
August 17, 2024 – Government
CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available
Abstract
These vulnerabilities could allow attackers to execute arbitrary code, disclose sensitive information, or disrupt device functionality, posing a significant threat to industrial and commercial networks relying on these devices. Source: Security Online
August 17, 2024 – Skimming
PrestaShop GTAG Websocket Skimmer
Abstract
A recent investigation uncovered a credit card skimmer using a web socket connection to steal credit card details from an infected PrestaShop website. Attackers use web sockets for obfuscation, making it difficult to analyze traffic. Source: Sucuri
August 16, 2024 – Disinformation
Doppelgänger Operation Rushes to Secure Itself Amid Ongoing Detections, German Agency Says
Abstract
European hosting companies were found to be supporting the Kremlin-linked disinformation campaign, prompting Doppelgänger operators to quickly back up their systems and data. Source: The Record
August 16, 2024 – Business
DigiCert Announces Acquisition of Vercara
Abstract
DigiCert has announced the acquisition of Vercara to offer customers a unified DNS and certificate management experience. Vercara provides cloud-based services like managed DNS and DDoS security to protect networks and applications. Source: Security Info Watch
August 16, 2024 – Breach
Biotech Company Hacked in 2023 Pays States $4.5 Million Over Breached Data
Abstract
The state attorneys general of New York, New Jersey, and Connecticut reached an agreement with Enzo Biochem, which revealed the incident to the federal government in May 2023. Source: The Record
August 16, 2024 – General
Report: 56% of Security Professionals Worry About AI-Powered Threats
Abstract
AI professionals have concerns about their jobs being replaced by AI tools, with 56% of security professionals worried about AI-powered threats, as reported by Pluralsight. Source: Help Net Security
August 15, 2024 – Vulnerabilities
Research Uncovers New Microsoft Outlook Vulnerability
Abstract
A new vulnerability has been discovered in Microsoft Outlook by security researchers, labeled as CVE-2024-38173 with a CVSS score of 6.7. This Form Injection RCE flaw is similar to a previous vulnerability, CVE-2024-30103, patched in July 2024. Source: Infosecurity Magazine
August 15, 2024 – Phishing
New Phishing Attack Uses Sophisticated Infostealer Malware
Abstract
A new phishing attack with advanced infostealer malware has been discovered by analysts. The malware collects sensitive data like passwords, cookies, credit card info, and browsing history. Source: Infosecurity Magazine
August 15, 2024 – Vulnerabilities
Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now
Abstract
A critical TCP/IP remote code execution (RCE) vulnerability affecting all Windows systems with IPv6 enabled has been discovered, prompting Microsoft to issue a warning urging users to patch their systems immediately. Source: Bleeping Computer
August 15, 2024 – Botnet
New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
Abstract
A new variant of the Gafgyt botnet has been discovered by cybersecurity researchers, targeting machines with weak SSH passwords to mine cryptocurrency using GPU power. This variant is focusing on servers in cloud native environments. Source: The Hacker News
August 15, 2024 – Vulnerabilities
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
Abstract
SolarWinds is advising customers to upgrade their Web Help Desk platform due to a critical vulnerability, CVE-2024-28986, discovered by Inmarsat Government researchers. The bug allows for remote code execution through Java deserialization. Source: Infosecurity Magazine
August 15, 2024 – Criminals
Black Basta Ransomware Gang Linked to a Malware Campaign
Abstract
The attacks, detected on June 20, 2024, show threat actors using various tools like AnyDesk and AntiSpam.exe to harvest credentials. They also deploy payloads like Golang HTTP beacons and Socks proxy beacons. Source: Security Affairs
August 15, 2024 – Breach
South Korea Says DPRK Hackers Stole Spy Plane Technical Data
Abstract
South Korea's ruling party, the People Power Party (PPP), has reported that hackers from North Korea have stolen important technical data related to the country's main battle tank, the K2, as well as its spy planes known as "Baekdu" and "Geumgang." Source: Bleeping Computer
August 15, 2024 – Attack
Ongoing Social Engineering Campaign Refreshes Payloads
Abstract
Rapid7 identified multiple intrusion attempts by threat actors utilizing social engineering tactics on June 20, 2024. The threat actors use email bombs followed by calls to offer fake solutions, with recent incidents involving Microsoft Teams calls. Source: Rapid7
August 15, 2024 – Breach
FBI Says it is Investigating Purported Trump Campaign Hack
Abstract
The FBI is investigating a suspected hack of the Trump campaign, following accusations of Iranian involvement. The Trump campaign blames foreign sources and cited a Microsoft report linking Iranian hackers to covert efforts to influence the election. Source: The Record
August 15, 2024 – Cryptocurrency
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
Abstract
The CryptoCore group's scam operation leverages deepfake technology, hijacked YouTube accounts, and professionally designed websites to trick users into sending cryptocurrencies to scammer wallets. Source: Avast
August 14, 2024 – Vulnerabilities
Update: New Windows SmartScreen Bypass Exploited as Zero-Day Since March
Abstract
A security loophole in Windows SmartScreen, known as CVE-2024-38213, was exploited by attackers as a zero-day to bypass protection. Microsoft patched this vulnerability during the June 2024 Patch Tuesday. Source: Bleeping Computer
August 14, 2024 – Criminals
Prolific Malvertising Scammer Arrested and Extradited to US to Face Charges
Abstract
Maxim Silnikau, a Belarusian-Ukrainian cybercriminal dubbed one of the most prolific Russian-speaking hackers by the UK's NCA, has been arrested in Spain and extradited to the US. Source: The Record
August 14, 2024 – Vulnerabilities
Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access
Abstract
Ivanti Virtual Traffic Manager has a critical flaw that could allow rogue admin access. A security update has been released for this vulnerability, tracked as CVE-2024-7593, with a CVSS score of 9.8. Source: The Hacker News
August 14, 2024 – Encryption
NIST Formalizes World’s First Post-Quantum Cryptography Standards
Abstract
The finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205). Source: Infosecurity Magazine
August 14, 2024 – Vulnerabilities
Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities
Abstract
Multiple privilege escalation issues in Microsoft Azure's cloud-based Health Bot service opened the platform to server-side request forgery (SSRF) and could have allowed access to cross-tenant resources. Source: Dark Reading
August 14, 2024 – General
DARPA Awards $14m to Seven Teams in AI Cyber Challenge
Abstract
DARPA has awarded $14 million to seven teams in the AI Cyber Challenge (AIxCC) at DEFCON 32. The competition aims to find a cyber reasoning system to identify and fix vulnerabilities in open-source software. Source: Infosecurity Magazine
August 14, 2024 – Breach
Phishing Campaign Poses as Ukraine’s Security Service to Spread ANONVNC Malware
Abstract
Cybercriminals impersonated the Security Service of Ukraine (SSU) using malicious spam emails to target and infect the systems of Ukrainian government agencies. The attackers successfully distributed AnonVNC malware to over 100 computers. Source: Dark Reading
August 14, 2024 – Education
How CIOs, CTOs, and CISOs View Cyber Risks Differently
Abstract
C-suite executives face the challenge of balancing technological innovation with cybersecurity resilience. A report by LevelBlue highlighted the complexities of their roles and the need for strategic cybersecurity approaches. Source: Help Net Security
August 14, 2024 – Criminals
Feds Seize Radar/Dispossessor Ransomware Gang Servers in US and Europe
Abstract
Federal authorities have seized servers belonging to the Radar/Dispossessor ransomware gang in the U.S. and Europe. The FBI dismantled dozens of servers linked to the group, which is believed to have ties to the LockBit ransomware enterprise. Source: The Record
August 14, 2024 – Government
Biden Administration Pledges $11 Million to Open Source Security Initiative
Abstract
The effort, known as the Open-Source Software Prevalence Initiative (OSSPI), aims to identify where open-source software components are being used in sectors like healthcare, transportation, and energy production to enhance national cybersecurity. Source: The Record
August 13, 2024 – General
Misconfigurations and IAM Weaknesses Top Cloud Security Concerns
Abstract
While traditional cloud security issues associated with Cloud Service Providers (CSPs) are decreasing in significance, misconfigurations, IAM weaknesses, and API risks remain critical in cloud computing. Source: Help Net Security
August 13, 2024 – Vulnerabilities
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
Abstract
Researchers at SySS GmbH revealed that attackers could exploit vulnerabilities in Ewon Cosy+ to gain elevated access, decrypt encrypted data, and hijack VPN sessions, posing a significant threat to users and industrial infrastructure. Source: The Hacker News
August 13, 2024 – General
Report: 74% of Ransomware Victims Were Attacked Multiple Times in a Year
Abstract
Despite implementing cybersecurity measures, many companies are paying multiple ransoms annually, with 78% of targeted organizations paying the ransom, according to a report by Semperis. (Help Net Security)
August 13, 2024 – Attack
New Dark Skippy Attack Let Hackers Steal Secret Keys From Signing Devices
Abstract
The "Dark Skippy" method allows hackers to steal Bitcoin hardware wallet keys by embedding secret data into public Bitcoin transactions, which can then be used to extract a person's seed words. (Cybersecurity News)
August 13, 2024 – Solution
Scout Suite: Open-Source Cloud Security Auditing Tool
Abstract
Scout Suite is an open-source cloud security auditing tool that assesses security in multi-cloud environments. By using cloud vendors' APIs, it gathers configuration data to identify risks efficiently. (Help Net Security)
August 13, 2024 – Phishing
Fake X Content Warnings on Ukraine War, Earthquakes Used as Clickbait
Abstract
Scammers are using fake content warnings related to the Ukraine war and earthquakes to lure users into clicking on links that lead to adult sites, malicious browser extensions, and affiliate scams on X. (Bleeping Computer)
August 13, 2024 – Government
Britain and France to Discuss Misuse of Commercial Cyber Intrusion Tools
Abstract
The UK and France will discuss the misuse of commercial cyber intrusion tools as part of the Pall Mall Process, aiming to address the irresponsible use of hacking tools like spyware. (The Record)
August 13, 2024 – Vulnerabilities
Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share
Abstract
The flaws include denial-of-service issues, unauthorized file write bugs, directory traversal, and forced Wi-Fi connections. Google has released an update (v1.0.1724.0) to address these vulnerabilities and is tracking them under two CVE identifiers. (The Hacker News)
August 13, 2024 – Malware
Threat Actors Hijacking Websites to Deliver .NET-Based Malware
Abstract
Cyber threat operation ClearFake distributes fake antivirus software to trick users into believing their systems are infected, leading to requests for payment or installation of more malware. (Cybersecurity News)
August 13, 2024 – General
NIS2: A Catalyst for Cybersecurity Innovation or Just Another Box-Ticking Exercise?
Abstract
The Network and Information Security (NIS) 2 Directive is a major cybersecurity regulation in Europe, with EU Member States having until October 17, 2024, to comply with the increased security standards and reporting requirements. (Help Net Security)
August 10, 2024 – Vulnerabilities
‘0.0.0.0 Day’ Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk
Abstract
An open source security firm, Oligo Security, has discovered a vulnerability called "0.0.0.0 Day" that allows attackers to execute code on web browsers like Chrome, Safari, and Firefox, potentially leading to data theft and malware. (Dark Reading)
August 10, 2024 – Vulnerabilities
Cisco Warns of Critical RCE Zero-Days in End of Life IP Phones
Abstract
Cisco has issued a warning about critical remote code execution zero-days affecting the web-based management interface of the Small Business SPA 300 and SPA 500 series IP phones, which are no longer supported. (Bleeping Computer)
August 10, 2024 – Government
CISA Warns of Hackers Abusing Cisco Smart Install Feature
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to disable the legacy Cisco Smart Install (SMI) feature due to recent attacks exploiting it. (Bleeping Computer)
August 10, 2024 – Attack
North Korea Kimsuky Launch Phishing Attacks on Universities
Abstract
Cybersecurity analysts have uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. (Infosecurity Magazine)
August 10, 2024 – Breach
Russian Spies Hacked UK Government Systems Earlier This Year, Stole Data and Emails
Abstract
Russian spies hacked UK government systems earlier this year, stealing data and emails in a nation-state attack. The breach, which had not been previously reported, targeted the Home Office's systems. (The Record)
August 10, 2024 – Vulnerabilities
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins
Abstract
An issue with Microsoft's Entra ID identity and access management service could allow a hacker with admin-level access to gain global administrator privileges within an organization's cloud environment. (Dark Reading)
August 9, 2024 – Vulnerabilities
How to Weaponize Microsoft Copilot for Cyberattackers
Abstract
Copilot is an AI-based chatbot used by enterprises to streamline tasks, but it can also be manipulated by attackers to steal data and conduct phishing scams without leaving a trace. (Dark Reading)
August 9, 2024 – Criminals
US Offers $10 Million for Information on Iranian Hackers Behind CyberAv3ngers Water Utility Attacks
Abstract
The U.S. State Department has offered a $10 million reward for information on six Iranian government hackers who allegedly targeted U.S. water utilities last fall. These individuals were previously sanctioned for targeting critical infrastructure. (The Record)
August 9, 2024 – General
Number of Incidents Affecting GitHub, Bitbucket, GitLab, and Jira Continues to Rise
Abstract
The number of incidents affecting GitHub, Bitbucket, GitLab, and Jira is on the rise, leading to outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and data loss for DevSecOps teams, according to GitProtect.io. (Help Net Security)
August 9, 2024 – General
New Ransomware Groups Emerge Despite Crackdowns
Abstract
According to a report by Rapid7, a total of 21 new or rebranded groups have emerged since January 2024, alongside existing groups like LockBit, which has survived law enforcement crackdowns. (Infosecurity Magazine)
August 7, 2024 – General
Report: Email Attacks Skyrocket 293%
Abstract
According to Acronis, ransomware remains a top threat for SMBs, especially in critical sectors like government and healthcare, where 10 new ransomware groups conducted 84 cyberattacks globally in Q1 2024. (Help Net Security)
August 7, 2024 – Government
Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems
Abstract
The U.S. Government Accountability Office is urging the Environmental Protection Agency (EPA) to develop a comprehensive strategy to protect the nation's drinking and wastewater systems from cyber threats. (Cybersecurity Dive)
August 7, 2024 – Breach
NHS Software Supplier Advanced Faces $7.6 Million Fine Over Ransomware Attack Failings
Abstract
NHS software supplier Advanced faces a hefty fine of over £6 million (~$7.6 million) for failing to protect personal information during a ransomware attack that impacted the National Health Service in the UK. (The Record)
August 7, 2024 – General
Ransomware Swells Despite Collective Push to Curb Attacks
Abstract
Rapid7 researchers noted over 2,570 attacks in the first half of 2024, equating to around 14 attacks daily. The number of ransomware groups posting on data leak sites surged 67% compared to the previous year. (Cybersecurity Dive)
August 7, 2024 – Ransomware
Threat Actors Announced Doubleface Ransomware, Claims Fully Undetectable
Abstract
Threat actors have introduced Doubleface ransomware, claiming it to be fully undetectable by major antivirus software. The ransomware utilizes a unique algorithm with AES-128 and RSA-4096 encryption, making decryption difficult without the right key. (Cybersecurity News)
August 7, 2024 – Government
Cyber Training Organization Pledges $15 Million in Education Programs
Abstract
EC-Council, a cyber certification organization, has pledged $15 million in scholarships to support over 50,000 students in cybersecurity programs. The goal is to help students earn industry credentials and enhance their cybersecurity skills. (The Record)
August 7, 2024 – Malware
North Korean Hackers Leverage Malicious NPM Packages for Initial Access
Abstract
North Korean hackers, identified as Moonstone Sleet, have been distributing malicious JavaScript packages on the npm registry to infect Windows systems. The two packages, harthat-api and harthat-hash, were uploaded on July 7, 2024. (DataDog)
August 7, 2024 – Business
Abnormal Security Raises $250M on $5.1B Valuation to Enhance AI-Driven Cyber Protection
Abstract
Abnormal Security, an AI-driven cybersecurity company, has raised $250 million in funding, valuing the company at $5.1 billion. The funding will support their mission of using AI to protect against cybercrime by understanding human behavior. (Silicon Angle)
August 7, 2024 – Malware
Chameleon Malware Now Targeting Employees Masquerading as a CRM app
Abstract
Researchers have revealed a new tactic used by threat actors behind the Chameleon Android banking trojan, targeting Canadian users with a disguised Customer Relationship Management (CRM) app. (Threat Fabric)
August 7, 2024 – Education
The Role of AI in Cybersecurity Operations
Abstract
AI can analyze data quickly, detect patterns of malicious behavior, and automate routine tasks like alert triaging and log analysis. However, human oversight is still necessary to ensure the accuracy and relevance of AI-generated insights. (Help Net Security)
August 6, 2024 – Attack
Bloody Wolf Strikes Organizations in Kazakhstan with STRRAT Commercial Malware
Abstract
The STRRAT malware, sold for $80, allows attackers to take control of computers and steal data. Attackers use phishing emails pretending to be from government agencies to trick victims into downloading malicious files. (BI.ZONE)
August 6, 2024 – Malware
Sneaky SnakeKeylogger Slithers Into Windows Email Inboxes
Abstract
SnakeKeylogger, also known as KrakenKeylogger, is a malicious software targeting Windows users. It logs keystrokes, steals credentials, and takes screenshots, allowing cybercriminals to capture sensitive information. (The Register)
August 6, 2024 – Attack
North Korean Hackers Exploit VPN Update Flaw to Install Malware
Abstract
North Korean hackers exploited a VPN software update flaw to install malware and breach networks, as warned by South Korea's National Cyber Security Center. The threat groups involved in these activities are Kimsuky (APT43) and Andariel (APT45). (Bleeping Computer)
August 6, 2024 – Breach
Cyberattack Cost More Than $17 Million, Key Tronic Tells Regulators
Abstract
Key Tronic revealed to regulators that a cyberattack in May 2024 cost the company over $17 million. The attack led to a shutdown of operations in Mexico and the U.S. for two weeks. (The Record)
August 6, 2024 – Attack
Ransomware Gang Targets IT Workers With New SharpRhino Malware
Abstract
The Hunters International ransomware group is using a new C# remote access trojan named SharpRhino to target IT workers and breach corporate networks. It is distributed through a typosquatting site posing as Angry IP Scanner's website. (Bleeping Computer)
August 6, 2024 – General
Cyberattacks Still Ravage Schools, Defying White House Efforts Launched Last Year
Abstract
Last year, the White House launched an initiative to strengthen school cybersecurity, but cyberattacks on schools persist. Private sector resources have been utilized by thousands of school districts to enhance their defenses. (NextGov)
August 6, 2024 – Vulnerabilities
Around 20K Ubiquiti IoT Cameras & Routers are Sitting Ducks for Hackers
Abstract
Around 20,000 Ubiquiti IoT cameras and routers are at risk due to a vulnerability that has been known for five years. Researchers have found that despite patches being available, many devices are still vulnerable. (Dark Reading)
August 6, 2024 – Vulnerabilities
Google Fixes Android Kernel Zero-Day Exploited in Targeted Attacks
Abstract
Google has patched a zero-day vulnerability in the Android kernel that was being exploited in targeted attacks. The vulnerability, tracked as CVE-2024-36971, allows for arbitrary code execution without user interaction on unpatched devices. (Bleeping Computer)
August 6, 2024 – Malware
Mint Stealer: New MaaS Malware Threatens Confidential Data
Abstract
A new MaaS malware known as Mint Stealer has emerged, threatening confidential data. This malware, identified by experts from Cyfirma, is designed to steal a wide range of information by employing advanced encryption and obfuscation techniques. (Security Online)
August 6, 2024 – Vulnerabilities
Researchers Warn of a New Critical Apache OFBiz Flaw
Abstract
The vulnerability allows unauthenticated users to execute screen rendering code under certain conditions in versions up to 18.12.14, with version 18.12.15 addressing the issue. (Security Affairs)
August 5, 2024 – Government
US Senate Confirms First DOD Cyber Policy Chief
Abstract
The Senate has confirmed Michael Sulmeyer as the first cyber policy chief at the Defense Department, where he will serve as the assistant secretary of Defense for cyber policy. (The Record)
August 5, 2024 – General
More Legal Records Stolen in 2023 Than Previous 5 Years Combined
Abstract
The sensitive nature of legal data makes law firms lucrative targets for hackers, who aim to access valuable information for specific purposes. Despite the costly demands, firms face the dilemma of paying the ransom or risking backlash from clients. (Dark Reading)
August 5, 2024 – General
Organizations Fail to Log 44% of Cyberattacks, Major Exposure Gaps Remain
Abstract
According to Picus Security, organizations are failing to detect 44% of cyberattacks, revealing major exposure gaps. 40% of environments tested allowed for attack paths leading to domain admin access. (Help Net Security)
August 5, 2024 – Breach
Israeli Hacktivist Group Claims it Took Down Iran’s Internet
Abstract
WeRedEvils announced on Telegram their intention to target Iranian systems, claiming their attack was successful in infiltrating Iran's computer systems, stealing data, and causing the outage. (The Register)
August 5, 2024 – Policy and Law
US Sues TikTok for Violating Children Privacy Protection Laws
Abstract
The lawsuit alleges that TikTok collected personal information from children under 13 without parental consent, failed to delete children-created accounts, and misled parents about data collection. (Bleeping Computer)
August 5, 2024 – Attack
Surge in Magniber Ransomware Attacks Impact Home Users Worldwide
Abstract
Unlike other ransomware groups targeting businesses, Magniber focuses on individuals. Victims report their devices getting infected after running software cracks. Ransom demands start at $1,000 and escalate to $5,000 if not paid within three days. (Bleeping Computer)
August 5, 2024 – Government
CrowdStrike Outage Renews Supply Chain Concerns, Federal Officials Say
Abstract
Federal officials have raised concerns about the software supply chain and memory safety vulnerabilities following a global IT outage caused by a faulty CrowdStrike software update. (Cybersecurity Dive)
August 5, 2024 – Breach
Evasive Panda Compromises ISP to Distribute Malicious Software Updates
Abstract
The group used DNS poisoning to redirect software update queries to attacker-controlled servers, infecting victims with malware. Volexity detected one attack in Hong Kong, which ceased when the ISP took action. (Information Security Buzz)
August 5, 2024 – Government
White House Officials Meet with Allies, Industry on Connected Car Risks
Abstract
Representatives from various countries and the European Union participated in the meeting, addressing cybersecurity and data risks in connected vehicles. The meeting highlighted the importance of connected cars as a critical part of infrastructure. (The Record)
August 5, 2024 – Attack
Linux Kernel Impacted by New SLUBStick Cross-Cache Attack
Abstract
A new Linux kernel attack called SLUBStick has a 99% success rate in turning a limited heap vulnerability into a powerful memory read-and-write capability, allowing for privilege escalation and container escape. (Bleeping Computer)
August 3, 2024 – Attack
Attacks on Bytecode Interpreters Conceal Malicious Injection Activity
Abstract
This type of attack, known as Bytecode Jiu-Jitsu, takes advantage of the fact that interpreters do not require execution privilege for bytecode, making it difficult for security tools to detect. (Dark Reading)
August 2, 2024 – Disinformation
StackExchange Abused to Spread Malicious PyPI Packages as Answers
Abstract
Threat actors used StackExchange to promote malicious PyPI packages, including 'spl-types,' 'raydium,' 'sol-structs,' 'sol-instruct,' and 'raydium-sdk,' which steal data from browsers, messaging apps, and cryptocurrency wallets. (Bleeping Computer)
August 2, 2024 – Policy and Law
CrowdStrike Investors File Class Action Suit Following Global IT Outage
Abstract
The Plymouth County Retirement Association claims the company misrepresented the effectiveness of its software platform and quality control procedures. The lawsuit alleges that CrowdStrike did not adequately test its software. (Cybersecurity Dive)
August 2, 2024 – Phishing
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
Abstract
A recent malvertising campaign has been exposed, where threat actors take over social media pages, rebranding them as popular AI photo editors and posting malicious links to fake websites. (Trend Micro)
August 2, 2024 – Criminals
Suspects in ‘Russian Coms’ Spoofing Service Arrested in London, as NCA Announces Takedown
Abstract
The caller ID spoofing service, which was established in 2021, is believed to have caused financial losses in the tens of millions and had around 170,000 victims in Britain. (The Record)
August 2, 2024 – Vulnerabilities
Homebrew Security Audit Finds 25 Vulnerabilities
Abstract
A security audit sponsored by the Open Tech Fund in August 2023 revealed 25 vulnerabilities in Homebrew. The audit found issues that could have allowed attackers to execute code, modify builds, control CI/CD workflows, and access sensitive data. (Homebrew)
August 2, 2024 – Education
Threat Intelligence: A Blessing and a Curse?
Abstract
Access to timely and accurate threat intelligence is essential for organizations, but it can be overwhelming to navigate the vast amount of available data and feeds. Balancing comprehensive information with relevance is crucial. (Help Net Security)
August 2, 2024 – Solution
Google Chrome Adds App-Bound Encryption to Block Infostealer Malware
Abstract
Google Chrome has implemented app-bound encryption to enhance cookie protection on Windows and defend against infostealer malware. This new feature encrypts data tied to app identity, similar to macOS's Keychain, to prevent unauthorized access. (Bleeping Computer)
August 2, 2024 – Breach
APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike
Abstract
A government-affiliated research organization in Taiwan was attacked by APT41 hackers, a notorious Chinese hacking group known for targeting sensitive technologies. The breach, starting in July 2023, was identified by Cisco Talos researchers. (Talos Intelligence)
August 2, 2024 – Business
Credo AI Raises $21M to Help Enterprises Deploy AI Safely and Responsibly
Abstract
Credo AI, a startup specializing in artificial intelligence governance software, recently closed a $21 million Series B funding round led by CrimsoNox Capital, Mozilla Ventures, and FPV Ventures. (Silicon Angle)
August 1, 2024 – Government
Inaugural Pentagon Cyber Policy Chief Nominee Sails Through Senate Armed Services Committee
Abstract
The Senate Armed Services Committee has approved Michael Sulmeyer, the Army’s top digital adviser, as the inaugural assistant secretary of defense for cyber policy, paving the way for his nomination to the Senate floor for a vote. (The Record)
August 1, 2024 – Solution
Innovative Approach Promises Faster Bug Fixes
Abstract
Birgit Hofer and Thomas Hirsch from TU Graz have developed a new approach to speed up software bug fixes. By identifying bottlenecks in fault localization, they created a scalable solution using NLP and metrics to analyze code for faults. (Help Net Security)
August 1, 2024 – General
Researchers Uncover Largest Ever Ransomware Payment of $75m
Abstract
Security researchers have uncovered the largest ransomware payment ever recorded, amounting to $75m, which was made to the Dark Angels group. This finding was revealed in Zscaler's ThreatLabz Ransom Report for 2024. (Infosecurity Magazine)
August 1, 2024 – Vulnerabilities
DigiCert Mass-Revoking TLS Certificates Due to Domain Validation Bug
Abstract
DigiCert discovered a bug in how domain ownership was verified, leading to the mass revocation of SSL/TLS certificates. Approximately 0.4% of domain validations conducted between August 2019 and June 2024 are affected. (Bleeping Computer)
August 1, 2024 – Policy and Law
US Senate Passes Landmark Bill Protecting Children’s Online Safety and Privacy
Abstract
The Kids Online Safety and Privacy Act (KOSPA) combines two bills to enhance protections for children under 17, prohibiting targeted advertising, requiring consent for data collection, and limiting exposure to harmful content. (The Record)
August 1, 2024 – Privacy
Insecure File-Sharing Practices in Healthcare Put Patient Privacy at Risk
Abstract
Healthcare organizations are jeopardizing patient privacy due to insecure file-sharing practices, according to a report by Metomic. The study found that 25% of publicly shared files in healthcare contain Personally Identifiable Information (PII). (Help Net Security)
August 1, 2024 – Attack
Ransomware Attack On Service Provider Hits 300 Small Banks Across India
Abstract
The attack targeted C-Edge Technologies, a provider of banking systems for these banks. As a precaution, the National Payment Corporation of India (NPCI) has isolated these banks from the broader payment network to contain the attack. (NDTV)
August 1, 2024 – General
BEC Attacks Surge 20% Annually Thanks to AI Tooling
Abstract
A report by Vipre Security Group, based on data from processing 1.8 billion emails, revealed that 49% of blocked spam emails were BEC attacks, with CEOs, HR, and IT being common targets. The study also found that 40% of BEC attacks were AI-generated. (Infosecurity Magazine)
August 1, 2024 – Malware
Telegram-Controlled TgRat Trojan Now Targets Linux Servers
Abstract
TgRat Trojan, previously targeting Windows, now focuses on Linux, using Telegram to control infected machines. Discovered by Dr. Web, this RAT allows cybercriminals to exfiltrate data and execute commands. (Hack Read)
August 1, 2024 – General
Some Companies Pay Ransomware Attackers Multiple Times, Survey Finds
Abstract
Some companies are paying ransomware attackers multiple times, with more than a third not receiving the decryption keys or getting corrupted keys after paying, according to a survey by Semperis. (Cybersecurity Dive)