June, 2024
June 29, 2024 – Vulnerabilities
Your Phone’s 5G Connection Is Vulnerable to Bypass, DoS Attacks
Abstract
One attack involves setting up a fake base station using a Raspberry Pi or a software-defined radio (SDR). These devices can imitate a real base station and are readily available for purchase. (Dark Reading)
June 29, 2024 – Criminals
Operation First Light Seizes $257m in Global Scam Bust
Abstract
Police forces from 61 countries have collaborated in Operation First Light 2024, led by Interpol, resulting in the arrest of 3,950 suspects and the identification of 14,643 more. (Infosecurity Magazine)
June 29, 2024 – Vulnerabilities
Critical GitLab Bug Lets Attackers Run Pipelines as Any User
Abstract
A critical vulnerability has been discovered in certain versions of GitLab Community and Enterprise Edition products. This vulnerability allows an attacker to run pipelines as any user. (Bleeping Computer)
June 29, 2024 – Attack
Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer
Abstract
A sophisticated multi-stage malware campaign by the threat actor "Water Sigbin" (also known as the 8220 Gang) exploits Oracle WebLogic vulnerabilities to deliver a cryptocurrency miner called XMRig. (Trend Micro)
June 29, 2024 – Malware
MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
Abstract
MerkSpy is designed to covertly monitor user activities, capture sensitive information like keystrokes and Chrome login credentials, and exfiltrate the data to the attacker's server. (Fortinet)
June 29, 2024 – Attack
China-Sponsored Attackers Target 40K Corporate Users in 90 Days
Abstract
The campaigns, named LegalQloud, Eqooqp, and Boomer, deploy highly evasive and adaptive threat (HEAT) attack techniques that can bypass multifactor authentication (MFA) and URL filtering. (Dark Reading)
June 28, 2024 – Malware
New Unfurling Hemlock Threat Actor Floods Systems with Malware
Abstract
Unfurling Hemlock is using a new method, referred to as a "malware cluster bomb," which allows the threat actor to use one malware sample to spread additional malware on compromised machines. (Bleeping Computer)
June 28, 2024 – Attack
Remote Access Giant TeamViewer Says Russian Spies Hacked Its Corporate Network
Abstract
TeamViewer, a leading provider of remote access tools, has confirmed that its corporate network is currently under a cyberattack. The company has identified the attackers as a government-backed Russian intelligence group known as APT29. (TechCrunch)
June 28, 2024 – Attack
Kimsuky Deploys TRANSLATEXT to Target South Korean Academia
Abstract
Kimsuky uploaded TRANSLATEXT to their attacker-controlled GitHub repository on March 7, 2024, and it is capable of bypassing security measures for prominent email service providers like Gmail, Kakao, and Naver. (Zscaler)
June 28, 2024 – Attack
Malware Peddlers Experimenting with BPL Sideloading and Masking Malicious Payloads as PGP Keys
Abstract
The campaign involves a Bollywood pirate movie download site leading to a Bunny content delivery platform, which then points to a ZIP file. Inside the ZIP file, there is another password-protected ZIP file with a text file containing the password. (Help Net Security)
June 27, 2024 – Vulnerabilities
PoC Exploit for Critical Fortra FileCatalyst Flaw Published
Abstract
The vulnerability allows attackers to create administrative user accounts, modify and delete data in the application database, and potentially gain full control of vulnerable systems. (Help Net Security)
June 27, 2024 – Malware
Malicious NPM Package Targets AWS Users to Deploy Backdoor
Abstract
ReversingLabs researchers discovered a suspicious package on npm called legacyreact-aws-s3-typescript. They found that the package contained a post-install script that downloaded and executed a simple backdoor. (ReversingLabs)
June 27, 2024 – Breach
Korean Telco Allegedly Infected Around 600,000 P2P Users with Malware
Abstract
South Korean telco KT has been accused of purposely infecting customers with malware as a result of excessive use of peer-to-peer (P2P) downloading tools. Around 600,000 users of online storage services have reportedly been affected. (The Register)
June 27, 2024 – Attack
Novel Snowblind Malware Targets Banking Customers in Southeast Asia
Abstract
Snowblind is effective on all modern Android devices and primarily targets banking apps. It avoids detection by modifying the app and exploiting the Linux kernel's seccomp feature to control the app's system calls. (Infosecurity Magazine)
June 27, 2024 – General
Phantom Secrets: Undetected Secrets Expose Major Corporations
Abstract
Major secrets, including cloud environment credentials, internal infrastructures, and telemetry platforms, have been found exposed on the internet due to Git-based processes and Source Code Management (SCM) platforms behavior. (Aqua)
June 27, 2024 – Vulnerabilities
Update: MOVEit Transfer Vulnerability Targeted Amid Disclosure Drama
Abstract
The non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public. (TechTarget)
June 27, 2024 – General
Chinese Cyberspies Employ Ransomware in Attacks for Diversion
Abstract
The adoption of ransomware in cyberespionage attacks helps adversaries blur the lines between APT and cybercriminal activity, leading to potential misattribution or concealing the true nature of the operation. (Bleeping Computer)
June 27, 2024 – Vulnerabilities
Critical ADOdb Vulnerabilities Fixed in Ubuntu
Abstract
These vulnerabilities include SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. Ubuntu has released updates for various versions, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM. (TuxCare)
June 26, 2024 – Vulnerabilities
Multiple Vulnerabilities in Siemens Power Automation Products
Abstract
Siemens recently patched several vulnerabilities in its Sicam products that could be exploited to target the energy sector. The updates addressed two high-severity and one medium-severity flaws. (SEC Consult)
June 26, 2024 – Vulnerabilities
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Abstract
The vulnerability, tracked as CVE-2024-27867, affects various AirPods models, Powerbeats Pro, and Beats Fit Pro. An attacker in Bluetooth range could spoof the source device and gain access to the headphones, potentially allowing eavesdropping. (The Hacker News)
June 26, 2024 – Malware
New Medusa Malware Variants Target Android Users in Seven Countries
Abstract
The Medusa banking trojan (aka TangleBot) operates as a malware-as-a-service, providing keylogging, screen controls, and SMS manipulation. Note that this operation is different from the ransomware gang and the Mirai-based botnet with the same name. (Bleeping Computer)
June 26, 2024 – Criminals
UK and US Law Enforcement Put Qilin Ransomware Criminals in the Crosshairs
Abstract
UK and US law enforcement agencies have collaborated to combat the Qilin ransomware gang, which has targeted the global healthcare industry through several recent attacks. (The Register)
June 26, 2024 – Breach
Malicious JavaScript Snippets Served Due to Supply Chain Attack on Polyfills Site
Abstract
The polyfill.io domain, which offers JavaScript code to add functionality to older browsers, has been compromised and is infecting over 100,000 websites with malware. The domain was purchased by a Chinese organization earlier this year. (The Register)
June 26, 2024 – Government
Update: CISA Warns Chemical Facilities of Potential Data Theft
Abstract
Although there was no evidence of data theft or lateral movement, the agency's investigation revealed that unauthorized access to various sensitive information, including security plans and user accounts, may have occurred. (Cybersecurity Dive)
June 26, 2024 – Solution
Zeek: Open-Source Network Traffic Analysis, Security Monitoring
Abstract
Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform. (Help Net Security)
June 26, 2024 – Attack
Russian Hackers Target Ukraine with XWorm RAT Malware Payload
Abstract
Cyble Research and Intelligence Labs (CRIL) researchers have discovered that a Russia-linked threat group known as UAC-0184 is targeting Ukraine using the XWorm remote access trojan (RAT). (The Cyber Express)
June 26, 2024 – Vulnerabilities
Authentication Bypasses in MOVEit Transfer and MOVEit Gateway
Abstract
A critical security vulnerability, CVE-2024-5806, has been found in MOVEit Transfer, a popular file transfer software. The vulnerability allows attackers to bypass authentication checks and gain administrative access by sending manipulated requests. (Rapid7)
June 26, 2024 – General
The Growing Threat of Malware Concealed Behind Cloud Services
Abstract
Cybersecurity threats are utilizing cloud services, such as AWS and DriveHQ, to store, distribute, and control malicious activities. This poses challenges for detection and prevention, as cloud services offer scalability and anonymity. (Fortinet)
June 25, 2024 – General
Report: Cloud Breaches Impact Nearly Half of Organizations
Abstract
According to the Thales 2024 Cloud Security Study, 44% of organizations have experienced a cloud data breach, with 14% reporting incidents in the past year. Human error and misconfigurations were the top root causes, affecting 31% of cases. (Infosecurity Magazine)
June 25, 2024 – Government
FBI Warns of Fake Law Firms Targeting Crypto Scam Victims
Abstract
The FBI has issued a warning about cybercriminals pretending to be law firms and lawyers offering cryptocurrency recovery services. These scammers target victims of investment scams, stealing funds and personal information. (Bleeping Computer)
June 25, 2024 – Policy and Law
Four FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
Abstract
Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong are accused of conducting phishing campaigns and supply chain compromises to orchestrate cyberattacks and steal millions of dollars. (The Hacker News)
June 25, 2024 – Malware
Android RAT SpyMax Targets Telegram Users
Abstract
SpyMax does not require the targeted device to be rooted, making it easier for threat actors to cause damage. Once installed, SpyMax gathers personal information from the infected device without user consent and sends it to a remote threat actor. (K7 Security)
June 25, 2024 – Botnet
P2PInfect Botnet Targets Redis Servers with New Ransomware Module
Abstract
P2PInfect, a previously dormant peer-to-peer malware botnet, has recently become active and is now targeting Redis servers. The botnet has introduced new features like cron-based persistence mechanisms and SSH lockout. (Bleeping Computer)
June 25, 2024 – Attack
SnailLoad Attack can Exploit Remote Network Latency Measurements to Infer User Activity
Abstract
Unlike previous methods, SnailLoad doesn't require a person-in-the-middle attack or hacking the target's Wi-Fi. Instead, it lets a remote attacker infer websites and content viewed by a user without accessing their network traffic directly. (SnailLoad)
June 25, 2024 – Breach
Hackers Create Rogue Admin Accounts via Backdoored WordPress Plugins
Abstract
Multiple WordPress plugins have been found to contain a backdoor that injects malicious code. This code allows attackers to create unauthorized administrator accounts, enabling them to perform malicious actions. (The Hacker News)
June 25, 2024 – Hacker
Boolka Group’s Modular Trojan BMANAGER Exposed
Abstract
The Boolka group is responsible for deploying advanced malware and conducting web attacks. They have been exploiting vulnerabilities using SQL injection attacks since 2022, targeting websites in various countries. (Infosecurity Magazine)
June 25, 2024 – Attack
New Attack Uses MSC Files and Windows XSS Flaw to Breach Networks
Abstract
A new command execution technique called "GrimResource" has been discovered that leverages a combination of specially crafted Microsoft Saved Console (MSC) files and an unpatched Windows XSS flaw. (Bleeping Computer)
June 25, 2024 – Government
Manufacturing Cybersecurity at Heart of New White House Guidance
Abstract
The U.S. Department of Energy has released a new framework of best practices for securing clean energy cyber supply chains, focusing on key technologies used in managing electricity, oil, and natural gas systems. (Cybersecurity Dive)
June 24, 2024 – Botnet
‘Mirai-Like’ Botnet Observed Attacking EOL Zyxel NAS devices
Abstract
The Shadowserver Foundation, in collaboration with top security agencies and vendors, detected multiple remote command execution attempts by a Mirai-like botnet. It advised Zyxel NAS owners to actively search for signs of compromise. (The Register)
June 24, 2024 – Cryptocurrency
Coinstats Says North Korean Hackers Breached 1,590 Crypto Wallets
Abstract
CoinStats, a crypto portfolio app with 1.5 million users, experienced a significant security breach affecting 1,590 cryptocurrency wallets. North Korean threat actors are suspected to be behind the attack. (Bleeping Computer)
June 24, 2024 – Vulnerabilities
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
Abstract
The vulnerability, tracked as CVE-2024-37032 and dubbed Probllama, was patched in version 0.1.34 released on May 7, 2024. Ollama is a service used for running large language models locally on Windows, Linux, and macOS devices. (The Hacker News)
June 24, 2024 – Vulnerabilities
Researchers Say Microsoft Power BI Reports Expose Sensitive Data on the Web
Abstract
The vulnerability in Power BI reports allows access to underlying raw data when shared with others. This includes detailed records, hidden tables, non-displayed columns, and filtered-out data. (NOKOD Security)
June 24, 2024 – Solution
Google’s Zero-Day Hunters Test AI for Security Research
Abstract
Google's Project Zero team of zero-day hunters believes that artificial intelligence (AI) can enhance automated threat identification and analysis by detecting vulnerabilities that are often missed by current tools. (Bank Info Security)
June 24, 2024 – General
Meta, MS SQL Make Strange Bedfellows on Couch of Cyber-Pain
Abstract
The article discusses how Meta and Microsoft SQL Server, two very different parts of the tech industry, are both facing issues related to software and services supply chain. (The Register)
June 24, 2024 – Attack
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
Abstract
The primary objective appears to be gathering intelligence on Taiwan's economic policy, trade, and diplomatic relations. The group focuses on targeting vulnerabilities in internet-facing devices due to their limited security solutions. (The Hacker News)
June 24, 2024 – General
Report: One out of Three Breaches Remain Undetected
Abstract
According to a survey conducted by Gigamon, organizations are facing challenges in detecting breaches due to their increasing complexity and the sophistication of attacks. (Help Net Security)
June 24, 2024 – Skimming
Facebook PrestaShop Module Exploited to Steal Credit Cards
Abstract
Hackers are taking advantage of a vulnerability in a Facebook module for PrestaShop called pkfacebook to carry out card skimming attacks on e-commerce websites and steal customers' payment card details. (Bleeping Computer)
June 24, 2024 – Policy and Law
Polish Investigators Seize Pegasus Spyware Systems as Part of Probe Into Alleged Abuse
Abstract
Polish prosecutors have seized Pegasus spyware systems from a government agency in Warsaw as part of an investigation into the legality of its use. The devices were secured from the headquarters of the Central Anticorruption Bureau. (The Record)
June 22, 2024 – Phishing
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Abstract
Researchers have uncovered a new phishing campaign, named PHANTOM#SPIKE, targeting individuals in Pakistan. The campaign utilizes military-themed phishing documents to initiate the infection process. (The Hacker News)
June 22, 2024 – APT
‘SneakyChef’ APT Slices Up Foreign Affairs With SugarGh0st
Abstract
The group initially used a modified version of Gh0st RAT, called "SugarGh0st RAT," to target South Korea and the Ministry of Foreign Affairs in Uzbekistan since late August last year. (Dark Reading)
June 22, 2024 – Botnet
New Threat: A Deep Dive Into the Zergeca Botnet
Abstract
Zergeca is a botnet implemented in Golang and supports six different attack methods, as well as proxying, scanning, self-upgrading, file transfer, reverse shell, and collecting sensitive device information. (Qianxin)
June 22, 2024 – Skimming
Decoding the Caesar Cipher Skimmer
Abstract
A new variation of the "gtag" credit card skimming attack, known as the "Caesar Cipher Skimmer," has been detected on multiple CMS platforms including WordPress, Magento, and OpenCart. (Sucuri)
June 22, 2024 – Malware
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Abstract
Check Point Research has identified multiple threat actors using Rafel RAT, including an espionage group. The tool's features, such as remote access and surveillance, make it effective for covert operations and infiltrating high-value targets. (Check Point)
June 21, 2024 – Business
Pomerium Announces $13.75M Series A Funding Led by Benchmark
Abstract
Eric Vishria, a general partner at Benchmark, will join Pomerium’s board of directors. Existing investors, including Bain Capital, Haystack, SNR, and Oleg Rogynskyy, also participated in the funding round. (Yahoo)
June 21, 2024 – Solution
Cilium: Open-source eBPF-based networking, security, observability
Abstract
Cilium has features like distributed load balancing, advanced ingress and egress gateways, bandwidth management, and comprehensive network and security monitoring. It is available for free on GitHub. (Help Net Security)
June 21, 2024 – General
Cybersecurity Burnout Costing Firms $700m+ Annually
Abstract
British and US enterprises lose around $756m annually due to burnt-out cybersecurity staff, with UK employers losing $130m and US employers up to $626m, according to Hack The Box. (Infosecurity Magazine)
June 21, 2024 – Vulnerabilities
CosmicSting Flaw Impacts 75% of Adobe Commerce, Magento Sites
Abstract
Approximately 75% of affected e-commerce platforms have not applied the security update, which exposes them to XML external entity injection (XXE) and remote code execution (RCE) risks. (Bleeping Computer)
June 21, 2024 – General
Will Upcoming HHS Cyber Regs Move Needle in Health Sector?
Abstract
Hospitals are expected to be the first entities required to implement new "minimum" mandates based on cybersecurity performance goals released by the Department of Health and Human Services (HHS) in January. (Bank Info Security)
June 20, 2024 – Malware
Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations
Abstract
SquidLoader is designed to deliver a second-stage payload, such as Cobalt Strike, and has been active since at least April 2024. The payload is delivered through executables with descriptive Chinese filenames and icons resembling Word documents. (The Hacker News)
June 20, 2024 – Malware
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
Abstract
Fickle Stealer is being distributed through various attack chains to gather sensitive data from compromised hosts. Four distribution methods have been identified, including VBA dropper, VBA downloader, link downloader, and executable downloader. (The Hacker News)
June 20, 2024 – Attack
Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021
Abstract
The exact motive behind the intrusions is unknown, but it is speculated that the attackers may have been gathering intelligence, eavesdropping, or attempting to disrupt critical infrastructure. (The Hacker News)
June 20, 2024 – Vulnerabilities
Critical Vulnerability CVE-2024-38428 in wget
Abstract
A critical vulnerability has been found in the command line program wget, with a CVSS Base Score of 10.0. It is present in versions <=1.24.5 and poses a risk for users on Linux and Windows. (BornCity)
June 20, 2024 – Business
PQShield Secures $37M More for ‘Quantum Resistant’ Cryptography
Abstract
The Series B round was led by Addition, with participation from Chevron Technology Ventures, Legal & General, Braavos Capital, and Oxford Science Enterprises. PQShield plans to use the funds to expand its commercial operations. (TechCrunch)
June 20, 2024 – Vulnerabilities
Unpatched Bug Allows Anyone to Impersonate Microsoft Corporate Email Accounts
Abstract
A bug has been discovered in Microsoft's corporate email accounts that allows attackers to impersonate them and conduct phishing. The security researcher, Vsevolod Kokorin, uncovered the flaw and reported it to Microsoft but received no response. (Security Affairs)
June 20, 2024 – Business
Aim Security Closes $18M Series A Funding
Abstract
Aim Security, an Israel-based company enabling the secure adoption and use of AI in enterprises, raised $18M in Series A funding. The round, which brought the total amount to $28M, was led by Canaan Partners, with participation from YL Ventures. (FINSMES)
June 20, 2024 – Hacker
New Threat Actor ‘Void Arachne’ Targets Chinese Users with Malicious VPN Installers
Abstract
The group's campaign involves distributing compromised MSI files containing malicious software such as AI voice and facial technologies, deepfake pornography-generating software, and AI technologies. (The Hacker News)
June 20, 2024 – Hacker
Researchers Deep Dive Into UNC3886 Actors’ Cyberespionage Realm
Abstract
The UNC3886 group demonstrated sophisticated and cautious techniques, including using public rootkits for persistence, leveraging third-party services for C2 communications, and extracting credentials from TACACS+ authentication using custom malware. (The Cyber Express)
June 20, 2024 – Vulnerabilities
Google Chrome 126 Update Addresses Multiple High-Severity Flaws
Abstract
Google has released the Chrome 126 update to fix several vulnerabilities, including a high-severity issue demonstrated at the TyphoonPWN 2024 hacking competition. One of the flaws is a type confusion problem in the V8 script engine. (Security Affairs)
June 19, 2024 – Business
Entro Security Raises $18 Million to Scale its Global Operations
Abstract
California-based cybersecurity company, Entro Security, has secured $18 million in a Series A funding round led by Dell Technologies Capital. Existing investors Hyperwise Ventures and StageOne Ventures also participated, alongside angel investors. (Help Net Security)
June 19, 2024 – General
Report: Quarter of Firms Suffer an API-Related Breach
Abstract
Nearly a quarter (23%) of organizations suffered a breach via production APIs last year, according to a report by Salt Security. The report also found that 95% of respondents encountered API security problems in the past 12 months. (Infosecurity Magazine)
June 19, 2024 – Solution
SELKS: Open-Source Suricata IDS/IPS, Network Security Monitoring, Threat Hunting
Abstract
SELKS is an open-source solution for network security monitoring, threat hunting, and intrusion detection and protection. SELKS utilizes the Suricata engine to generate all its data, making it a preferred choice for network security practitioners. (Help Net Security)
June 19, 2024 – Government
US, Indonesia Hold Port-Focused Cybersecurity Exercise
Abstract
The exercise involved simulations of major cyber incidents and ransomware attacks against port operations and maritime activities. The goal was to better prepare for potential cyber threats to maritime critical infrastructure. (The Record)
June 19, 2024 – General
Report Reveals Record Exploitation Rate for Load Balancers
Abstract
Load balancers have experienced a record exploitation rate, according to a report by Action1. Over a three-year period, load balancers were found to be disproportionately targeted by threat actors, with a 17% exploitation rate. (Infosecurity Magazine)
June 19, 2024 – General
Rising Exploitation in Enterprise Software: Key Trends for CISOs
Abstract
Action1 researchers have observed a significant increase in vulnerabilities in enterprise software, emphasizing the need for CISOs to prioritize their efforts in vulnerability monitoring. (Help Net Security)
June 19, 2024 – Government
G7 Countries Vow to Establish Collective Cybersecurity Framework for Operational Tech
Abstract
The G7 countries have pledged to establish a collective cybersecurity framework for operational technologies to strengthen the cybersecurity of key technologies used in managing energy systems globally. (The Record)
June 19, 2024 – General
Report: 92% of Orgs Hit by Credential Compromise from Social Engineering
Abstract
According to a report by Barracuda, 92% of organizations experienced an average of six credential compromises due to email-based social engineering attacks in 2023. Scamming and phishing accounted for 86% of these attacks. (Infosecurity Magazine)
June 19, 2024 – Malware
New Diamorphine Rootkit Variant Seen Undetected in the Wild
Abstract
Once loaded, the Diamorphine rootkit hides files and folders and allows the threat actor to perform certain operations such as hiding processes, elevating privileges, and interacting with the rootkit. (Avast)
June 19, 2024 – General
MFA Plays a Rising Role in Major Attacks, Research Finds
Abstract
MFA is playing an increasingly significant role in major cyberattacks, as highlighted by research conducted by Cisco Talos. Poorly configured MFA settings and intentional bypasses were key factors in numerous attacks over recent months. (Cybersecurity Dive)
June 18, 2024 – Government
CISA and EAC Release Guide to Enhance Election Security Through Public Communication
Abstract
The guide advises election officials to mitigate risks to election infrastructure and operations by developing a public communications plan with accurate election information and training teams for effective incident response communication. (The Cyber Express)
June 18, 2024 – Policy and Law
Hackers Plead Guilty After Breaching Law Enforcement Portal
Abstract
Two hackers, Sagar Steven Singh and Nicholas Ceraolo, have pleaded guilty to computer intrusion and identity theft. They used a law enforcement officer's stolen password to access a nonpublic portal maintained by a U.S. law enforcement agency. (Bank Info Security)
June 18, 2024 – Phishing
Fake Google Chrome Errors Trick Users Into Running Malicious PowerShell Scripts
Abstract
A new malware campaign has been found tricking users into running malicious PowerShell "fixes" by displaying fake Google Chrome, Word, and OneDrive errors. The campaign has been linked to multiple actors, including ClearFake, ClickFix, and TA571. (Bleeping Computer)
June 18, 2024 – Education
Low Code, High Stakes: Addressing SQL Injection
Abstract
Factors contributing to SQLi vulnerabilities include human error, immature code in new technologies, and the use of open-source code. In March, CISA and the FBI issued a joint warning urging manufacturers and others to address SQLi vulnerabilities. (Help Net Security)
June 18, 2024 – Education
Modern Fraud Detection Need Not Rely on PII
Abstract
For fraud detection software, knowing personal details like names and addresses is less important than recognizing contextual patterns. Pseudo-anonymized data, which preserves relationships without revealing original values, can be used. (Help Net Security)
June 18, 2024 – General
Bug Bounty Programs, Hacking Contests Power China’s Cyber Offense
Abstract
The decrease in Chinese teams' participation in Western hacking competitions has made these competitions less effective as a defensive strategy, as China now considers their exploits too valuable to demonstrate publicly. (Dark Reading)
June 18, 2024 – Government
US Pledges to Protect Ukraine’s Critical Infrastructure From Cyberattacks in Security Deal
Abstract
The agreement, based on a pledge by the G7 countries, focuses on assisting Ukraine in protecting its networks from cyberattacks and countering disinformation. The U.S. will also help strengthen Ukraine's cyber defenses in critical infrastructure. (The Record)
June 18, 2024 – Criminals
Police Dismantle Asian Crime Ring Behind $25M Android Fraud
Abstract
A Singapore-led law enforcement operation has dismantled a cybercrime ring that used malware scams to steal millions. The group operated across regions, using malicious Android apps to access victims' mobile devices and drain their bank accounts. (Bank Info Security)
June 18, 2024 – Vulnerabilities
VMware by Broadcom Warns of Critical vCenter Flaws
Abstract
Broadcom's VMware has discovered two critical-rated flaws, CVE-2024-37079 and CVE-2024-37080, in its vCenter Server, a tool used to manage virtual machines in its Cloud Foundation and vSphere suites. (The Register)
June 18, 2024 – Criminals
BreachForums Returns With a New Owner After ShinyHunters Retires
Abstract
ShinyHunters mentioned being tired of accusations and expressed a desire to move on. The new owner, Anastasia, is referred to as an "OG" by ShinyHunters and goes by the name "Anastasia Belshaw." (The Cyber Express)
June 17, 2024 – Breach
China-Linked Hackers Infiltrate East Asian Firm for Three Years Using F5 Devices
Abstract
A cyber espionage actor believed to have ties to China has conducted a three-year-long attack on an undisclosed East Asian organization. The attacker utilized F5 BIG-IP appliances as a command-and-control (C&C) system for evasion purposes. (The Hacker News)
June 17, 2024 – Attack
Attackers Deploying New Tactics in Campaign Targeting Exposed Docker APIs
Abstract
The attackers utilize new binaries, including chkstart, exeremo, and vurld, along with a persistence mechanism that modifies systemd services. Analysis suggests a link between this campaign and Spinning YARN. (DataDog)
June 17, 2024 – Solution
Ghidra: Open-Source Software Reverse Engineering Framework
Abstract
The Ghidra software reverse engineering (SRE) framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux. (Help Net Security)
June 17, 2024 – Criminals
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
Abstract
A 22-year-old UK man recently arrested in Spain is believed to be the leader of the cybercrime group Scattered Spider, responsible for hacking into numerous organizations including Twilio, LastPass, and DoorDash. (Krebs on Security)
June 17, 2024 – Botnet
NiceRAT Malware Targets South Korean Users via Cracked Software
Abstract
Threat actors are using the NiceRAT malware to create a botnet by infecting devices, primarily targeting South Korean users. The malware is distributed through cracked software and tools that claim to verify Microsoft Office licenses. (The Hacker News)
June 17, 2024 – Privacy
Meta Pauses AI Training on EU User Data Amid Privacy Concerns
Abstract
Meta has announced that it is delaying the training of its large language models (LLMs) in the European Union using public content shared by adult users on Facebook and Instagram, following a request from the Irish Data Protection Commission (DPC). (The Hacker News)
June 17, 2024 – Phishing
Malicious Emails Trick Consumers Into False Election Contributions Full Text
Abstract
The last six months have seen a surge in cyber threat activities, driven by major global events such as elections and military exercises, according to cybersecurity firm Trellix.Help Net Security
June 17, 2024 – Vulnerabilities
New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems Full Text
Abstract
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature.Bleeping Computer
June 17, 2024 – Attack
Pakistani Hackers Use DISGOMOJI Malware to Target Indian Government Full Text
Abstract
The threat actor uses a malware called DISGOMOJI, written in Golang, to infect Linux systems. DISGOMOJI is a modified version of Discord-C2, utilizing emojis for its command and control communication through Discord.Volexity
June 17, 2024 – Policy and Law
Blackbaud Must Pay $6.75 Million, Improve Security After Lying About Scope of 2020 Hack Full Text
Abstract
Software company Blackbaud has agreed to pay $6.75 million and make improvements to its data security and breach notification practices following a hack in May 2020. The settlement was announced by California Attorney General Rob Bonta.The Record
June 15, 2024 – General
Rust Foundation Leads the Charge to Improve Critical Systems Security Full Text
Abstract
This week, the Rust Foundation launched the Safety-Critical Rust Consortium, a group dedicated to the responsible use of the programming language in critical applications.Cybersecurity Dive
June 15, 2024 – General
WithSecure Reveals Mass Exploitation of Edge Software Full Text
Abstract
Cyber threat actors are increasingly exploiting vulnerabilities in edge services and infrastructure devices, making them a desirable entry point into networks, according to a report by WithSecure.Infosecurity Magazine
June 15, 2024 – Solution
AWS Adds Passkeys Support, Warns Root Users Must Enable MFA Full Text
Abstract
Amazon Web Services (AWS) has introduced FIDO2 passkeys for multi-factor authentication (MFA) to improve security and usability. These passkeys can be physical or software-based and use public key cryptography for authentication.Bleeping Computer
June 15, 2024 – Vulnerabilities
Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces Full Text
Abstract
Two high-severity vulnerabilities were disclosed to Hugging Face. CVE-2023-51449 is a path traversal vulnerability in the file endpoint whereas CVE-2024-1561 arises from an input validation flaw in the component_server API endpoint.Horizon3
June 15, 2024 – Vulnerabilities
Critical Security Gaps Uncovered in Open Source AI/ML Tools Full Text
Abstract
A report by Protect AI revealed a dozen critical vulnerabilities found in various open-source AI/ML tools in recent months. These vulnerabilities can lead to information disclosure, unauthorized access, privilege escalation, and server takeover.Protect AI
June 15, 2024 – Phishing
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics Full Text
Abstract
Google's Mandiant and Threat Analysis Group (TAG) divisions reported that Brazilian governmental organizations, as well as the aerospace, technology, and financial services sectors, have been targeted by North Korean-backed actors.The Hacker News
June 15, 2024 – Hacker
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale Full Text
Abstract
Security researchers have uncovered details about a Chinese threat actor known as SecShow, which has been conducting global Domain Name System (DNS) probing since at least June 2023.The Hacker News
June 15, 2024 – Vulnerabilities
‘Sleepy Pickle’ Exploit Subtly Poisons ML Models Full Text
Abstract
Pickle files provide an opportunity for attackers to insert malicious bytecode into ML programs, which can have various consequences such as manipulated output and data theft.Dark Reading
June 15, 2024 – Criminals
AI Chatbot Fools Scammers and Scores Money-Laundering Intel Full Text
Abstract
By using OpenAI's ChatGPT chatbot, the researchers were able to convince cybercriminals to share sensitive information, such as bank account numbers from over 600 financial institutions across 73 countries.Dark Reading
June 14, 2024 – Hacker
Scattered Spider hackers switch focus to cloud apps for data theft Full Text
Abstract
The Scattered Spider hacking group has shifted its focus from ransomware to data theft from cloud-based software-as-a-service (SaaS) applications, using social engineering tactics and exploiting privileged access to compromise corporate environments.Bleeping Computer
June 13, 2024 – Privacy
Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware Full Text
Abstract
ESET identified five cyber espionage campaigns targeting Android users in Egypt and Palestine since 2022. These campaigns, attributed to Arid Viper with medium confidence, involve the use of trojanized apps and a multistage spyware called AridSpy.Infosecurity Magazine
June 13, 2024 – Phishing
Search & Spoof: Abuse of Windows Search to Redirect to Malware Full Text
Abstract
The campaign begins with a phishing email that contains an HTML attachment disguised as a routine document in a ZIP archive. The HTML file uses obfuscation techniques to evade detection and exploit vulnerabilities in Windows system functionalities.Trustwave
June 13, 2024 – Criminals
Police Arrest Conti and Lockbit Ransomware Crypter Specialist Full Text
Abstract
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself.Bleeping Computer
June 13, 2024 – Malware
Dissecting SSLoad Malware: A Comprehensive Technical Analysis Full Text
Abstract
SSLoad is a sophisticated malware used for infiltrating systems through phishing emails, gathering reconnaissance data, and transmitting it back to its operators while delivering various payloads.Intezer
June 13, 2024 – Phishing
Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites Full Text
Abstract
Proofpoint has discovered a fraudulent website, paris24tickets[.]com, claiming to sell tickets for the Paris 2024 Summer Olympic Games. The site appeared as the second sponsored search result on Google, but Proofpoint confirmed its fraudulent nature.Proofpoint
June 13, 2024 – Vulnerabilities
Multiple Flaws in Fortinet FortiOS Fixed Full Text
Abstract
Fortinet released security updates for FortiOS to address multiple vulnerabilities. These included a high-severity code execution flaw and several stack-based buffer overflow vulnerabilities.Security Affairs
June 13, 2024 – Phishing
New Phishing Toolkit Uses PWAs to Steal Login Credentials Full Text
Abstract
The phishing kit, created by security researcher mr.d0x, demonstrates how to create PWAs that display corporate login forms with a fake address bar showing the normal login URL. This makes the phishing attempt more convincing.Bleeping Computer
June 13, 2024 – Government
Process to Verify Software Was Built Securely Begins Today Full Text
Abstract
US government contractors providing critical infrastructure software now need to fill out a form confirming that their software follows secure-by-design principles and has undergone scrutiny through software bills of material (SBOMs).Dark Reading
June 13, 2024 – Business
XONA Raises $18 Million to Accelerate Product Development Full Text
Abstract
The funding will be used to enhance XONA's zero-trust user access platform, helping customers meet regulatory requirements and protect against cyberattacks on critical infrastructure.Help Net Security
June 13, 2024 – General
Microsoft, Google Pledge ‘Low Cost’ Cybersecurity Services to Rural Hospitals Full Text
Abstract
The initiative aims to ensure effective security for all 1,800-2,100 rural hospitals across the nation through collaboration between technology providers, the White House, the American Hospital Association, and the American Rural Health Association.The Record
June 12, 2024 – Attack
Black Basta Ransomware Gang May Have Exploited Windows Flaw Before it was Patched Full Text
Abstract
The Black Basta ransomware operation allegedly exploited a Windows privilege escalation vulnerability (CVE-2024-26169) before it was patched by Microsoft. The flaw allowed attackers to elevate their privileges to SYSTEM.The Record
June 12, 2024 – Government
CISA Warns of Criminals Impersonating its Employees in Phone Calls Full Text
Abstract
The CISA has warned the public to be cautious and reminded them that its staff will never ask for money or instruct secrecy. The agency has also provided tips to help people avoid falling for these impersonation scams.Bleeping Computer
June 12, 2024 – Criminals
Scattered Spider Now Affiliated with RansomHub Following BlackCat Exit Full Text
Abstract
Analysis conducted by GuidePoint Security researchers reveals that a section of Scattered Spider, previously associated with ALPHV/BlackCat, is now carrying out ransomware activities with RansomHub.Infosecurity Magazine
June 12, 2024 – Breach
Privacy Regulators Probe Impact of 23andMe’s Mega Breach Full Text
Abstract
The U.K. and Canada's privacy regulators are launching a joint investigation that will focus on the company's compliance with data protection laws, the impact of the October 2023 breach, and whether adequate safeguards were in place.Bank Info Security
June 12, 2024 – Malware
WarmCookie Gives Cyberattackers New Backdoor for Initial Access Full Text
Abstract
Once downloaded, WarmCookie is loaded using PowerShell and subsequently provides functionality for monitoring victims and deploying more damaging payloads like ransomware.Dark Reading
June 12, 2024 – General
Phishing Attacks Targeting US and European Organizations Double Full Text
Abstract
According to a report by Abnormal Security, the volume of phishing attacks in Europe rose by 112.4% between April 2023 and April 2024, while in the US, they increased by 91.5% over the same period.Infosecurity Magazine
June 12, 2024 – General
Cloud Migration Expands the CISO Role Yet Again Full Text
Abstract
The cloud has expanded the attack surface and introduced new compliance challenges for CISOs. In response, security needs to be integrated into governance, risk, and compliance efforts.Help Net Security
June 12, 2024 – Breach
Crypto Platform UwU Lend Dealing with $20 Million Theft Full Text
Abstract
DeFi platform UwU Lend has offered to negotiate with the hacker responsible for stealing $20 million worth of ETH. The company paused operations and launched an investigation after several blockchain security firms reported the theft.The Record
June 12, 2024 – Criminals
Two Arrested Over ‘Text Message Blaster’ Smish Campaign Full Text
Abstract
The suspects used homemade hardware, described as a "homemade mobile antenna," "an illegitimate telephone mast," and a "text message blaster," to bypass network operators' anti-phishing defenses.The Register
June 12, 2024 – Criminals
Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams Full Text
Abstract
Chinese crime syndicates have shifted their operations from illicit gambling houses to online cybercrime fraud due to border closures and increased scrutiny in 2020. These syndicates have successfully stolen billions of dollars through various scams.Dark Reading
June 11, 2024 – Malware
Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups Full Text
Abstract
Noodle RAT is a backdoor used by Chinese-speaking groups for cybercrime and espionage. This malware, both its Windows and Linux versions, has existed since 2016 but was misidentified as variants of other malware.Trend Micro
June 11, 2024 – Solution
Radare: Open-Source Reverse Engineering Framework Full Text
Abstract
Radare started as a simple command-line hexadecimal editor but has evolved to become a versatile tool for various tasks such as debugging, disassembling, and exploring different architectures.Help Net Security
June 11, 2024 – Malware
Latest Variant of ValleyRAT Delivered via DLL Sideloading and Process Injection Full Text
Abstract
The downloader and loader utilized in the campaign employ various techniques, including anti-virus checks, DLL sideloading, and process injection. The configuration used to communicate with the C2 server is identified by a specific marker.Zscaler
June 11, 2024 – General
Cybersecurity Pros Change Strategies to Combat AI-Powered Threats Full Text
Abstract
The increase in AI-powered cyber threats has led 75% of security professionals to change their cybersecurity strategies, with a focus on prevention, according to a study by Deep Instinct.Help Net Security
June 11, 2024 – Denial Of Service
DDoS Attacks Target EU Political Parties as Elections Begin Full Text
Abstract
Cloudflare has detected and mitigated multiple DDoS attack waves on election-related sites and political parties in the Netherlands. The attacks peaked at 115 million and 44 million requests per hour, respectively.Bleeping Computer
June 11, 2024 – Education
Why CISOs Need to Build Cyber Fault Tolerance Into Their Business Full Text
Abstract
To enhance cybersecurity measures, CISOs should focus on three key areas: building cyber fault tolerance, streamlining the cyber toolset, and developing a resilient cyber workforce.Help Net Security
June 11, 2024 – Phishing
More_eggs Activity Persists via Fake Job Applicant Lures Full Text
Abstract
Cybersecurity researchers have discovered a phishing attack that utilizes the More_eggs malware by disguising it as a resume, a tactic that was first detected over two years ago.Esentire
June 11, 2024 – IOT
IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers Full Text
Abstract
According to a Forescout report, IoT vulnerabilities have increased by 136% compared to last year. The study analyzed nearly 19 million devices and found that the proportion of IoT devices with vulnerabilities rose from 14% in 2023 to 33% in 2024.Infosecurity Magazine
June 11, 2024 – General
Report: Few CFOs Control Cybersecurity Budgets Full Text
Abstract
While it might seem logical for CFOs to have control over cybersecurity budgets, a recent survey by RSM US found that tech executives are making the decisions on allocating money to keep digital operations safe.Cybersecurity Dive
June 11, 2024 – Breach
Pandabuy was Extorted Twice by the Same Threat Actor Full Text
Abstract
Pandabuy admitted to paying an undisclosed amount to prevent the data leak but discovered that the threat actor may have shared the data with others. Later, the threat actor offered the entire stolen database for sale.Security Affairs
June 10, 2024 – Phishing
Feds Seize Domains Linked to Crypto Investment Scam Preying on New York’s Russian Diaspora Full Text
Abstract
The scam involved fraudulent cryptocurrency investments and a shared narrative that enticed victims through Facebook advertisements featuring a deepfake video of Elon Musk.The Record
June 10, 2024 – Solution
Windows Recall Will be Opt-in and the Data More Secure, Microsoft Says Full Text
Abstract
Microsoft has now made the feature optional, meaning it will be off by default unless users choose to enable it. Additionally, the search index database, which holds the content from the screenshots, will be encrypted.Help Net Security
June 10, 2024 – Malware
Malicious VSCode Extensions with Millions of Installs Discovered Full Text
Abstract
Researchers found that the malicious code went undetected by endpoint detection and response (EDR) tools, as VSCode is treated leniently due to its nature as a development and testing system.Bleeping Computer
June 10, 2024 – Attack
Russian Hacktivists Vow Mass Attacks Against EU Elections Full Text
Abstract
A Russian hacktivist group, NoName057(16), along with seven other groups, has announced plans to launch mass cyber attacks on European internet infrastructure during the EU elections.The Register
June 10, 2024 – Phishing
Malicious AutoIt Script Delivers Vidar Stealer via Drive-by Downloads Full Text
Abstract
The attack utilized Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload. The user was lured to a website claiming to offer a Windows activator but was in fact hosting the malware.Esentire
June 10, 2024 – General
Report: 26% of Organizations Lack Any Form of IT Security Training Full Text
Abstract
A recent survey conducted by Hornetsecurity has found that 26% of organizations do not provide any IT security training to their end-users. This lack of training is worrying, considering that employees are the first line of defense against attacks.Help Net Security
June 10, 2024 – Policy and Law
Guardian Analytics and Webster Bank Settle $1.4 Million Data Breach Lawsuit Full Text
Abstract
Plaintiffs contended that both Guardian Analytics, a provider of data analytics services to financial institutions, and Webster Bank, failed to implement sufficient measures to safeguard sensitive customer information.The Cyber Express
June 10, 2024 – Government
CISA Planning JCDC Overhaul as Experts Criticize Slow Start Full Text
Abstract
The top U.S. cyber defense agency may overhaul its flagship public-private partnership as experts say the initiative is floundering due to unclear membership rules and participation hurdles.Healthcare Info Security
June 10, 2024 – General
Cyber Insurance Isn’t the Answer for Ransom Payments Full Text
Abstract
Ransomware continues to pose a significant threat to organizations, with 41% of data compromised during cyberattacks, according to Veeam. The use of AI has led to more advanced and sophisticated attacks, impacting 75% of organizations in 2023.Help Net Security
June 10, 2024 – Government
FCC Greenlights $200M Pilot for School and Library Cybersecurity Full Text
Abstract
The Federal Communications Commission on Thursday voted to kickstart a three-year pilot program that would study the use of agency funding to support cybersecurity services and equipment for school and library networks.NextGov
June 6, 2024 – Breach
Hundreds of Websites Targeted by Fake Google Chrome Update Pop-Ups Full Text
Abstract
Hackers inject malicious code into vulnerable websites, displaying a misleading pop-up message urging users to update their web browsers. Clicking on the provided link leads to downloading malware like a remote access trojan or an info-stealer.Sucuri
June 6, 2024 – Malware
Muhstik Malware Targets Message Queuing Services Applications Full Text
Abstract
A remote code execution vulnerability, CVE-2023-33246, was discovered for RocketMQ versions 5.1.0 and below, allowing attackers to execute commands within the system using the update configuration function.Aqua
June 6, 2024 – Attack
Novel ‘Commando Cat’ Cryptojacking Campaign Abuses Docker Remote API Servers Full Text
Abstract
The attack utilizes Docker images from the open-source Commando project. The attackers use the cmd.cat/chattr image to gain initial access to the server and employ techniques like chroot and volume binding to access the host system.Trend Micro
June 6, 2024 – Breach
Check-in Terminals Used at Thousands of Hotels Found Leaking Guest Information Full Text
Abstract
Ariane Systems self-check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms.Bleeping Computer
June 6, 2024 – Ransomware
RansomHub Extortion Gang Linked to Now-Defunct Knight Ransomware Full Text
Abstract
Symantec analysts discovered similarities between the two ransomware families, indicating a common origin. They also believe that RansomHub is run by another actor who purchased the Knight source code.Bleeping Computer
June 6, 2024 – Malware
CarnavalHeist Banking Trojan Targets Brazil with Overlay Attacks Full Text
Abstract
The malware primarily targets Brazilian users, as evidenced by the use of Portuguese throughout the infection chain and the C2 infrastructure exclusively using the BrazilSouth availability zone on Microsoft Azure.PC Risk
June 6, 2024 – Education
AI Jailbreaks: What They are and How They can be Mitigated Full Text
Abstract
AI jailbreaks can lead to various risks and harms, including unauthorized data access, sensitive data exfiltration, generating ransomware, subversion of decision-making systems, and IP infringement.Microsoft
June 6, 2024 – Vulnerabilities
Vulnerability in Cisco Webex Cloud Service Exposed Government Authorities, Companies Full Text
Abstract
A vulnerability in Cisco Webex allowed a German journalist to find links to video conference meetings held by the Bundeswehr and the SPD, affecting both self-hosted and cloud instances.Help Net Security
June 6, 2024 – Malware
DarkCrystal RAT Delivered via Signal Messenger Full Text
Abstract
Cybersecurity experts have found that the Signal messenger app is being used to distribute DarkCrystal RAT. This malware is being targeted at high-profile individuals in Ukraine, including government officials and military personnel.Broadcom
June 5, 2024 – Breach
Chinese Threat Clusters Triple-Team High-Profile Asian Government Organization Full Text
Abstract
The attackers successfully stole numerous files and emails, including strategic documents related to the South China Sea, a territory contested by the victim government and China.Dark Reading
June 5, 2024 – Ransomware
TargetCompany’s Linux Variant Targets ESXi Environments Full Text
Abstract
The TargetCompany ransomware group is now employing a new Linux variant that uses a custom shell script as a means of payload delivery and execution, a technique not seen in previous variants.Trend Micro
June 5, 2024 – Vulnerabilities
Patch Your Hardy Barth cPH2 Wallbox for Critical Security Flaw Full Text
Abstract
Interpol404, a threat actor (TA), is selling exploit code for a critical security vulnerability (CVE-2023-46359) on the Nuovo BreachForums. The TA has set a price tag of $200 for this vulnerability.The Cyber Express
June 5, 2024 – Phishing
V3B Phishing Kit Targets Over 50 European Banks, Bypasses MFA Full Text
Abstract
The V3B phishing kit is designed to evade detection and supports real-time interaction to bypass MFA. In addition to traditional tokens such as SMS codes, it handles QR Codes and PhotoTAN authentication methods.Bank Info Security
June 5, 2024 – General
Africa Ranks Low on Phishing Cyber Resilience Full Text
Abstract
Findings from KnowBe4 show that Africa's baseline phish-prone percentage (PPP) jumped from 32.8% to 36.7% in one year. In other words, more than one in three individuals in a company will fall for phishing schemes.Dark Reading
June 5, 2024 – Vulnerabilities
Android Security Bulletin for June 2024 Addresses 37 Vulnerabilities Full Text
Abstract
The June 2024 update for Android includes patches for high-severity flaws in the Framework and System components, addressing issues such as elevation of privilege and information disclosure.Android
June 5, 2024 – General
Account Takeovers Outpace Ransomware as Top Security Concern Full Text
Abstract
According to the 2024 State of Cloud Account Takeover Attacks report by Abnormal Security, 83% of organizations experienced at least one account takeover in the past year.Infosecurity Magazine
June 5, 2024 – Vulnerabilities
Zyxel Issues Emergency RCE Patch for End-of-Life NAS Devices Full Text
Abstract
An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution. Two flaws can also allow attackers to elevate privileges.Bleeping Computer
June 5, 2024 – General
Microsoft Deprecates Windows NTLM Authentication Protocol Full Text
Abstract
Microsoft says the NTLM protocols, which are still widely used today, are no longer under active development as of June and will be phased out in favor of more secure alternatives.Bleeping Computer
June 5, 2024 – Ransomware
‘Fog’ Ransomware Rolls in to Target Education, Recreation Sectors Full Text
Abstract
Fog attacks typically begin with stolen virtual private network (VPN) credentials, an increasingly popular means of initial access into sizable organizations. The group has exploited two different VPN gateway vendors thus far.Dark Reading
June 4, 2024 – General
Security Challenges Mount as Companies Handle Thousands of APIs Full Text
Abstract
Modern applications are taking over enterprise portfolios, with apps classed as modern now making up 51% of the total, up by more than a quarter in the last year, according to F5.Help Net Security
June 4, 2024 – Malware
Sophisticated RAT Targeting Gulp Projects on npm Full Text
Abstract
The NPM package masquerades as a logger for gulp and gulp plugins and has been downloaded 175 times. It contains two obfuscated files that work together to deploy the malicious payload.Phylum
June 4, 2024 – Vulnerabilities
Azure Service Tags Tagged as Security Risk, Microsoft Disagrees Full Text
Abstract
Azure Service Tags, which are used for firewall filtering and access control, have been flagged as a security risk by Tenable. They discovered a vulnerability that could enable attackers to access customers' confidential information.Bleeping Computer
June 4, 2024 – Malware
New Android Trojan ‘Viper RAT’ Advertised on Dark Web Forums to Steal User Data Full Text
Abstract
The threat actor behind Viper RAT has established a dedicated website and a Telegram account for ordering, adding a level of credibility. The cost of this malicious tool is surprisingly low, suggesting malicious intent.The Cyber Express
June 4, 2024 – Vulnerabilities
Experts Released PoC Exploit Code for a Critical Bug in Progress Telerik Report Servers Full Text
Abstract
Researchers published a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers. Telerik Report Server is an end-to-end report management solution developed by Progress® Telerik.Security Affairs
June 4, 2024 – Phishing
Malicious Excel File Deploys Cobalt Strike in Advanced Attack on Ukraine Full Text
Abstract
The DLL downloader is obfuscated with ConfuserEx and carries out various tasks, such as terminating processes associated with analysis tools or antivirus software and downloading the next stage payload from a specific URL.Fortinet
June 4, 2024 – General
Resilience Isn’t Enough, NATO Must be ‘Proactive’ for Cyberdefense, Warns Official Full Text
Abstract
NATO allies must allow their militaries to be proactive in cyberspace to prevent disruptions in force deployment during a conflict, warned Christian-Marc Lifländer, head of NATO's cyber and hybrid policy section.The Record
June 4, 2024 – Phishing
WhatsApp Cryptocurrency Scam Goes for the Cash Prize Full Text
Abstract
Any unsolicited WhatsApp message from an unknown person is suspect, no matter how harmless or friendly it may seem. Most pig butchering scams start with what seems to be a misdirected message.MalwareBytes
June 4, 2024 – General
Businesses Must Prioritize Digital Trust to Avoid Major Problems Full Text
Abstract
As organizations pursue digital transformation, they urgently need to prioritize digital trust to achieve their goals and prepare for future market opportunities, legislation, and regulatory compliance, according to ISACA.Help Net Security
June 4, 2024 – Vulnerabilities
High-Risk Atlassian Confluence RCE Fixed, PoC Available (CVE-2024-21683) Full Text
Abstract
A high-risk remote code execution (RCE) vulnerability in Atlassian Confluence has been fixed. Users should upgrade to the latest version as a Proof of Concept (PoC) and technical details of the flaw (CVE-2024-21683) are already public.Help Net Security
June 3, 2024 – Attack
New Execution Technique Observed in ClearFake Campaign Full Text
Abstract
ReliaQuest observed new execution techniques in a campaign from the JavaScript framework “ClearFake,” tricking users into copying, pasting, and manually executing malicious PowerShell code.ReliaQuest
June 3, 2024 – Malware
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud Full Text
Abstract
McAfee Mobile Research Team found an Android malware that pretends to be the official app of Bahrain and advertises that users can renew or apply for driver’s licenses, visas, and ID cards on mobile.McAfee
June 3, 2024 – Cryptocurrency
Crooks Stole More Than $300M Worth of Bitcoin From DMM Bitcoin Full Text
Abstract
The Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets. The company assured that the customers’ BTC deposits will be fully guaranteed.Security Affairs
June 3, 2024 – Attack
LilacSquid Targeted Organizations in the U.S., Europe, and Asia Since 2021 Full Text
Abstract
The attacks targeted entities in multiple industries, including organizations in information technology and industrial sectors in the United States, organizations in the energy sector in Europe, and the pharmaceutical sector in Asia.Security Affairs
June 3, 2024 – Breach
Update: HHS Reverses Course, Allows Change Healthcare to File Breach Notifications for Others Full Text
Abstract
The Department of Health and Human Services (HHS) changed course on Friday and announced that it would allow Change Healthcare to file breach notifications on behalf of the thousands of organizations impacted by February’s ransomware attack.The Record
June 3, 2024 – Vulnerabilities
Critical Apache Log4j2 Flaw Still Threatens Global Finance Full Text
Abstract
The critical Apache Log4j2 vulnerability (CVE-2021-44832) still poses a significant threat to the global finance industry, even though it was discovered and patched over a year ago.Security Affairs
June 3, 2024 – General
Experts Warn of Security Risks in Grid Modernization Full Text
Abstract
As the grid increasingly relies on advanced digital systems and increased interconnectivity, experts warn that the implementation of new technologies must come with robust security measures to protect against major cyber threats.Bank Info Security
June 3, 2024 – Criminals
Update: Europol Identifies Eight Cybercriminals Tied to Malware Loader Botnets Full Text
Abstract
Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation.Bleeping Computer
June 3, 2024 – Encryption
Indian Stock Exchange to Now Encrypt All Trader Messages Full Text
Abstract
India's Bombay Stock Exchange (BSE) has told market participants they need to adopt encryption – which, shockingly, isn't already implemented – for certain messages sent to its trading platforms when using its Enhanced Trading Interface (ETI).The Register
June 3, 2024 – Privacy
Exiled Russian, Belarusian Opposition Journalists Targeted With Pegasus Spyware Full Text
Abstract
Researchers have found that at least seven Russian and Belarusian-speaking independent journalists and opposition activists were targeted or infected with the infamous spying malware called Pegasus.The Record
June 1, 2024 – APT
APT28 Targets Key Networks in Europe with Multi-Phase Espionage Campaign Full Text
Abstract
Using the HeadLace malware and credential-harvesting web pages, APT28 operates with great stealth and sophistication, relying on legitimate internet services and living-off-the-land binaries to conceal its activities.Recorded Future
June 1, 2024 – Phishing
Fake Browser Updates Delivering BitRAT and Lumma Stealer Full Text
Abstract
The infection chain began with a user visiting an infected webpage, which triggered the download of a ZIP archive containing malicious JavaScript code. This code acted as an initial downloader, retrieving payloads from a known BitRAT C2 address.Esentire
June 1, 2024 – Phishing
Shady ‘Merry-Go-Round’ Ad Fraud Network Leaves Orgs Hemorrhaging Cash Full Text
Abstract
Merry-Go-Round is most sophisticated in its anti-detection techniques, using a number of measures to keep away advertisers, cyber analysts, and others who would stand in its way.Dark Reading
June 1, 2024 – Vulnerabilities
Active Exploitation of Unauthenticated Stored XSS Vulnerabilities in WordPress Plugins Full Text
Abstract
Fastly has issued a warning about vulnerabilities in three WordPress plugins, namely WP Statistics, WP Meta SEO, and LiteSpeed Cache, being exploited to inject malicious scripts and backdoors into websites.Fastly
June 1, 2024 – Denial Of Service
DDoS-as-a-Service: The Rebirth Botnet Full Text
Abstract
Preliminary analysis by researchers from 2020 showed that “Rebirth” or “Vulcan” was an IoT-oriented botnet distinctively constructed on Gafgyt, QBot, and STDBot with known exploits.SysDig
June 1, 2024 – General
OpenAI models used in nation-state influence campaigns, company says Full Text
Abstract
The groups used the company’s tools to generate a variety of content — usually text, with some photos — including articles and social media posts, and to debug code and analyze social media activity.The Record
June 1, 2024 – Attack
BEC 4.0: Business Communication Compromise Full Text
Abstract
This email starts as a message from Teams. In this attack campaign, it says “Teams” sent you a message. It says that the end-user has been named the winner of a new iPhone.Avanan