May, 2024
May 31, 2024 – Policy and Law
Hospital Allegedly Skirting Ransomware Death Suit Settlement
The lawsuit filed by plaintiff Teiranni Kidd against Springhill Memorial Hospital in 2019 and amended in June 2020 alleges that Kidd's daughter, Nicko Silar, suffered birth complications and subsequently died due to the ransomware attack. Source: Bank Info Security
May 31, 2024 – General
NFTs Magnets for Fraud, but Not Terrorists, Says US Treasury
The US Treasury Department has assessed the risk of non-fungible tokens (NFTs) being used for illicit finance, and has found them wanting for lack of proper roadblocks preventing illegal applications. Source: The Register
May 31, 2024 – Malware
Pirated Microsoft Office Delivers Malware Cocktail on Systems
Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. The malware delivered to users includes RATs, cryptocurrency miners, malware downloaders, proxy tools, and anti-AV programs. Source: Bleeping Computer
May 30, 2024 – Government
NIST Unveils ARIA to Evaluate and Verify AI Capabilities, Impacts
The Assessing Risks and Impacts of AI (ARIA) program aims to help organizations and individuals determine whether a given AI technology will be valid, reliable, safe, secure, private, and fair once deployed. Source: Help Net Security
May 30, 2024 – Solution
RansomLord: Open-Source Anti-Ransomware Exploit Tool
RansomLord is an open-source tool designed to create PE files that exploit ransomware pre-encryption vulnerabilities. Developed by hyp3rlinx, the tool leverages DLL hijacking tactics and deploys exploits to defend against ransomware. Source: Help Net Security
May 30, 2024 – Malware
PyPI Crypto-Stealer Targets Windows Users, Revives Malware Campaign
The package, which has been downloaded 264 times, is described as an "API Management tool written in Python" but contains code that downloads and installs trojanized Windows binaries capable of surveillance, achieving persistence, and crypto-theft. Source: SonaType
May 30, 2024 – General
Avoiding the Cybersecurity Blame Game
Experts argue the importance of avoiding the "cybersecurity blame game" and shifting the focus from blaming individuals for security incidents to addressing the underlying issues and improving the work environment. Source: Help Net Security
May 30, 2024 – Phishing
Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered
In a recent six-month analysis, cybersecurity firm Bitdefender has uncovered a troubling trend: cybercriminals are using Discord, a popular communication platform, to distribute malware and execute phishing campaigns. Source: HackRead
May 30, 2024 – Government
NIST Expects to Clear Backlog in Vulnerabilities Database by End of Fiscal Year
The National Institute of Standards and Technology (NIST) said it has awarded a new contract to an outside vendor that will help the federal government process software and hardware bugs added to the National Vulnerability Database (NVD). Source: The Record
May 30, 2024 – Denial Of Service
Three-Day DDoS Attack Batters the Internet Archive
The Internet Archive has been under a multi-day distributed denial-of-service (DDoS) attack since Sunday, with attackers sending tens of thousands of fake information requests per second. Source: The Register
May 30, 2024 – General
Identity-Related Incidents Becoming Severe, Costing Organizations a Fortune
Identity-related incidents continue to dominate today’s headlines. With the rise of identity sprawl and system complexity, more businesses are suffering identity-related incidents than ever before, according to IDSA. Source: Help Net Security
May 30, 2024 – Criminals
Police Seize Over 100 Malware Loader Servers, Arrest Four Cybercriminals
The seized infrastructure was spread across Europe and North America, hosting over 2,000 domains that facilitated illicit services, all under the control of the authorities now. Source: Bleeping Computer
May 30, 2024 – General
Australian Industries Need OT-IT Convergence to Beat Attacks
As critical infrastructure companies provide essential services to the wider public, a successful cyberattack on these organizations could mean significant financial gain or geopolitical impact for attackers. Source: Bank Info Security
May 29, 2024 – Government
Watchdog calls out EPA for continued cybersecurity concerns
In its annual report on open priority recommendations for the agency, the GAO called out the EPA for failing to outline a procedure for assessing vulnerabilities across its operations. Source: NextGov
May 29, 2024 – Policy and Law
Chinese Nationals Sanctioned for Botnet Used to Steal ‘Billions’ in COVID-19 Relief Funds
According to the Treasury, the botnet was especially useful “when carrying out credit card theft” and was used to facilitate tens of thousands of fraudulent applications related to COVID-19 relief funding. Source: The Record
May 29, 2024 – Business
Transcend Gets $40M to Advance Privacy Tech for Enterprises
Transcend said the $40 million investment will encode privacy controls directly into business systems and address the full personal data privacy life cycle from discovery and classification to responding to data deletion and access requests. Source: Gov Infosecurity
May 29, 2024 – Government
The Evolution of Security Metrics for NIST CSF 2.0
Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively. Source: Help Net Security
May 29, 2024 – Malware
New ATM Malware Family Emerged in the Threat Landscape
“The developers of this malware claim that it can generate up to $30,000 per ATM, making it a lucrative tool for cybercriminals,” reported the website DailyDarkweb. “The malware is fully automated, simplifying its deployment and operation.” Source: Security Affairs
May 29, 2024 – General
CVE Exploitation Nearly Tripled in 2023, Verizon Finds
The exploitation of vulnerabilities almost tripled as an initial access vector in 2023, fueled in part by the MOVEit breach, Verizon said in its Data Breach Investigations Report released Wednesday. Source: Cybersecurity Dive
May 29, 2024 – General
Report: 34% of Organizations Lack Cloud Cybersecurity Skills
Incident response today is too time consuming and manual, leaving organizations vulnerable to damage due to their inability to efficiently investigate and respond to identified threats, according to Cado Security. Source: Help Net Security
May 29, 2024 – Denial Of Service
CatDDoS Botnet Exploits Over 80 Known Security Flaws to Execute DDoS Attacks
CatDDoS uses the ChaCha20 algorithm to encrypt communications with the command-and-control (C2) server and makes use of an OpenNIC domain for C2 in an attempt to evade detection. Source: QianXin
May 29, 2024 – Cryptocurrency
Indian Man Stole $37 Million in Crypto Using Fake Coinbase Pro Site
The fake site was created to trick legitimate Coinbase customers into entering their login credentials and two-factor authentication codes, thinking it was the actual site. Source: Bleeping Computer
May 29, 2024 – General
Widespread Data Silos Slow Down Security Response Times
Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk, according to Ivanti. Source: Help Net Security
May 28, 2024 – General
Ransomhub’s Latest Attack Raises Alarms for Industrial Control Systems (ICS) Security
The Ransomhub ransomware group’s modus operandi involves encrypting data and leveraging access to SCADA systems to disrupt essential functions, as evidenced in their recent breach. Source: The Cyber Express
May 28, 2024 – Attack
CERT-UA Warns of Malware Campaign Conducted by Threat Actor UAC-0006
SmokeLoader acts as a loader for other malware. Once executed, it injects malicious code into the currently running explorer process (explorer.exe) and downloads another payload to the system. Source: Security Affairs
May 28, 2024 – Vulnerabilities
SingCERT Warns Critical Vulnerabilities Found in Multiple WordPress Plugins
Security updates have been promptly released to address these critical vulnerabilities in multiple WordPress plugins. SingCERT reported 9 critical plugin vulnerabilities and shared the mitigation strategies to avoid exploitation by threat actors. Source: The Cyber Express
May 28, 2024 – Education
Digital ID Adoption: Implementation and Security Concerns
As digital transformation accelerates, understanding how businesses are preparing for and implementing digital ID technologies is crucial for staying ahead in security and efficiency, according to Regula. Source: Help Net Security
May 28, 2024 – Attack
Update: Threat Actors Created Rogue VMs to Evade Detection During December 2023 Attack on MITRE
According to the new update, threat actors exploited zero-day flaws in Ivanti Connect Secure (ICS) and created rogue virtual machines (VMs) within the organization’s VMware environment. Source: Security Affairs
May 28, 2024 – Government
White House Announces Plans to Revamp Data Routing Security by Year-End
The augmentations concern the Border Gateway Protocol, a backbone data transmission algorithm that determines the optimal path for data packets to move across networks, said National Cyber Director Harry Coker. Source: NextGov
May 28, 2024 – Vulnerabilities
Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
When DDNS is combined with automatic TLS certificate generation using ACME clients, the public Certificate Transparency logs can be abused by attackers to find vulnerable devices en masse. Source: Security Affairs
May 28, 2024 – General
Human Error Still Perceived as the Achilles’ Heel of Cybersecurity
While fears of cyberattacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint. Source: Help Net Security
May 28, 2024 – Phishing
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
One campaign uses HTML smuggling to hide the phishing content from network inspection. The other uses a method called transparent phishing, where the attacker uses Cloudflare Workers to act as a reverse proxy server for a legitimate login page. Source: Netskope
May 27, 2024 – Policy and Law
Australian Telecom Watchdog Sues Optus Over 2022 Data Breach
The Australian Communications and Media Authority said it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022 that affected close to 10 million people. Source: Bank Info Security
May 27, 2024 – Vulnerabilities
NVD Leaves Exploited Vulnerabilities Unchecked
In the report published on May 23, VulnCheck showed that 30 out of 59 known exploited vulnerabilities (KEVs) registered since February 12 have not yet been analyzed by the NVD team. Source: Infosecurity Magazine
May 27, 2024 – Malware
Malicious PyPI Packages Targeting Highly Specific MacOS Machines
Cybersecurity researchers at Datadog Security Labs discovered malicious software packages targeting MacOS users through the Python Package Index (PyPI) and NPM repository. Source: DataDog
May 27, 2024 – General
Worried About Job Security, Cyber Teams Hide Security Incidents
The frequency and severity of attacks are increasing—yet most businesses remain unprepared, according to VikingCloud. Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever. Source: Help Net Security
May 27, 2024 – Phishing
Hackers Phish Finance Organizations in the US and Europe Using Trojanized Minesweeper Clone
CERT-UA reports that research following the initial discovery of this attack revealed at least five potential breaches by the same files in financial and insurance institutions across Europe and the United States. Source: Bleeping Computer
May 27, 2024 – General
Seizing Control of the Cloud Security Cockpit
Cloud applications and SaaS tools have countless configuration options that are often poorly documented and can change frequently, making it difficult to ensure they are securely configured. Source: Dark Reading
May 27, 2024 – Phishing
Fake Antivirus Websites Used to Distribute Info-Stealer Malware
Researchers at Trellix Advanced Research Center spotted fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE, and Inno setup installer, including spying and stealer capabilities. Source: Security Affairs
May 27, 2024 – Government
EU Wants Universities to Work with Intelligence Agencies to Protect Their Research
Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week. Source: The Record
May 27, 2024 – Phishing
Arc Browser’s Windows Launch Targeted by Google Ads Malvertising
According to a report by Malwarebytes, cybercriminals prepared for the product launch, setting up malicious advertisements on Google Search to lure users looking to download the new web browser. Source: Bleeping Computer
May 27, 2024 – Solution
Fail2Ban: Ban hosts that cause multiple authentication errors
Fail2Ban is an open-source tool that monitors log files and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating firewall rules to reject new connections from those IP addresses for a configurable amount of time. Source: Help Net Security
May 25, 2024 – Phishing
Cybercriminals Exploit Cloud Storage for SMS Phishing Scams
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage. Source: Infosecurity Magazine
May 25, 2024 – Government
NSA Issues Guidance for Maturing Application, Workload Capabilities Under Zero Trust; Dave Luber Quoted
“This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, director of cybersecurity at NSA. Source: ExecutiveGov
May 25, 2024 – Phishing
Beware of HTML Masquerading as PDF Viewer Login Pages
Forcepoint X-Labs has recently observed a significant number of phishing email instances in their telemetry targeting various government departments in APAC that masquerade as PDF viewer login pages. Source: Forcepoint
May 25, 2024 – Hacker
Sharp Dragon Expands Towards Africa and The Caribbean
The threat actors demonstrate increased caution in selecting their targets, broadening their reconnaissance efforts, and adopting Cobalt Strike Beacon over custom backdoors. Source: Checkpoint
May 24, 2024 – General
CISOs Pursuing AI Readiness Should Start by Updating Their Email Security Policy
Effective, updated policies are foundational to an organization's cybersecurity strategy in this new era of AI-driven attacks. CISOs must proactively adapt their email security approach to protect against the latest social engineering threats. Source: Help Net Security
May 24, 2024 – Malware
BloodAlchemy Malware Used to Target Government Agencies in Southern and Southeastern Asia
BLOODALCHEMY is an updated version of Deed RAT, which is believed to be a successor to ShadowPad malware. It has been used in attacks targeting government organizations in Southern and Southeastern Asia. Source: Itochuci
May 24, 2024 – Criminals
Morocco-based Cybercriminals Cashing in on Bold Gift Card Scams
“Rather than scam or phish everyday people directly for gift card-based payments, Storm-0539 infiltrates large retailers and fraudulently issues gift card codes to themselves, virtually printing their own money,” Microsoft’s Vasu Jakkal explained. Source: The Record
May 24, 2024 – Business
Bugcrowd Buys Informer to Enhance Attack Surface Management
Bugcrowd CEO Dave Gerry said their acquisition of Brighton, England-based Informer will fuel the adoption of Bugcrowd's penetration testing technology and prompt clients to expand the scope of their bug bounty programs. Source: Bank Info Security
May 24, 2024 – Vulnerabilities
Three-Year-Old Apache Flink Flaw Now Under Active Attack
An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets. Source: The Register
May 24, 2024 – Vulnerabilities
High-Severity GitLab Flaw Lets Attackers Take Over Accounts
The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages. Source: Bleeping Computer
May 22, 2024 – General
More Than 70% of Surveyed Water Systems Failed to Meet EPA Cyber Standards
Over 70% of water systems surveyed since last September failed to meet certain EPA security standards, leaving them vulnerable to cyberattacks that could disrupt wastewater and water sanitation systems nationwide, the EPA reported on Monday. Source: NextGov
May 22, 2024 – Attack
GhostEngine Mining Attacks Kill EDR Security Using Vulnerable Drivers
A malicious crypto mining campaign codenamed 'REF4578' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. Source: Bleeping Computer
May 22, 2024 – Government
ARPA-H Pledges $50M for Hospital IT Security Auto-Patching
The US government's Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to automate the process of securing hospital IT environments. Source: The Register
May 22, 2024 – Criminals
Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown
ShinyHunters disclosed to Hackread.com their suspicion that Baphomet may have surrendered backend credentials to the FBI, leading to the complete seizure of the forum’s Escrow, both dark web and clearnet domains. Source: HackRead
May 22, 2024 – Privacy
Snapchat Revises AI Privacy Policy Following UK ICO Probe
Instant messaging app Snapchat brought its artificial intelligence-powered tool under compliance after the U.K. data regulator said it violated the privacy rights of individual Snapchat users. Source: Healthcare Info Security
May 22, 2024 – Vulnerabilities
Set of Bugs Puts Software Company and IoT Device Makers Into Motion
Cybersecurity researchers and Internet of Things (IoT) technology companies say they worked together to eliminate four software vulnerabilities that could have given malicious hackers deep access to networks. Source: The Record
May 22, 2024 – Solution
Authelia: Open-Source Authentication and Authorization Server
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Source: Help Net Security
May 22, 2024 – Malware
Exploring the Depths of SolarMarker’s Multi-tiered Infrastructure
The core of SolarMarker’s operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions or industries. Source: Recorded Future
May 22, 2024 – Breach
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Over 100 medical associations and industry groups, representing thousands of U.S. doctors and healthcare professionals, have urged the HHS to hold Change Healthcare accountable for breach notifications following a massive February ransomware attack. Source: Bank Info Security
May 22, 2024 – Vulnerabilities
Veeam Warns of Critical Backup Enterprise Manager Auth Bypass Bug
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). Source: Bleeping Computer
May 21, 2024 – General
New ‘Siren’ Mailing List Aims to Share Threat Intelligence for Open Source Projects
The Open Source Security Foundation (OpenSSF) announced a new email mailing list named Siren that aims to spread threat intelligence related to open-source projects. It will be publicly viewable and will only require registration to post on the list. Source: The Record
May 21, 2024 – Vulnerabilities
QNAP QTS Zero-Day in Share Feature Gets Public RCE Exploit
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. Source: Bleeping Computer
May 21, 2024 – Attack
Void Manticore Launches Destructive Attacks on Albania and Israel
Void Manticore utilizes five different methods to conduct disruptive operations against its victims. This includes several custom wipers for both Windows and Linux, alongside manual deletion of files and shared drives. Source: Checkpoint
May 21, 2024 – General
Chinese Telco Gear May Get Banned in Germany
Germany is considering banning the use of Huawei and ZTE equipment in its 5G networks due to national security concerns, despite industry opposition and the potential high costs associated with the removal of the Chinese-made technology. Source: The Register
May 21, 2024 – Government
CISA Warns of Actively Exploited NextGen Mirth Connect Pre-Auth RCE Vulnerability
The CISA has required federal agencies to update to a patched version of Mirth Connect (version 4.4.1 or later) by June 10, 2024, to secure their networks against active threats. Source: Horizon S3
May 21, 2024 – Deepfake
Consumers Continue to Overestimate Their Ability to Spot Deepfakes
The Jumio 2024 Online Identity Study reveals that while consumers are increasingly concerned about the risks posed by deepfakes and generative AI, they continue to overestimate their ability to detect these deceptions. Source: Help Net Security
May 21, 2024 – Vulnerabilities
‘Linguistic Lumberjack’ Flaw in Logging Utility Fluent Bit Impacts Cloud Services
Cybersecurity researchers have discovered a critical vulnerability, dubbed "Linguistic Lumberjack," in the popular logging and metrics utility Fluent Bit that could allow for denial-of-service (DoS), information disclosure, or remote code execution. Source: Tenable
May 21, 2024 – Privacy
The Mystery of the Targeted Ad and the Library Patron
An attorney discovered that the mobile ads she saw were reflecting her recent library audiobook borrowing habits, raising concerns about the privacy of library patron data and the potential for targeted advertising based on that information. Source: The Register
May 21, 2024 – Phishing
North Korea-Linked Kimsuky APT Attack Targets Victims via Messenger
Researchers at Genians Security Center (GSC) identified the North Korea-linked Kimsuky APT group targeting victims via Facebook Messenger, using fake accounts posing as South Korean officials to deliver malware. Source: Security Affairs
May 21, 2024 – Criminals
Cybercriminals Shift Tactics to Pressure More Victims Into Paying Ransoms
Cybercriminals' new tactics led to a 64% increase in ransomware claims in 2023, driven by a 415% rise in "indirect" incidents and remote access vulnerabilities, pressuring more victims to pay ransoms, according to At-Bay. Source: Help Net Security
May 20, 2024 – Policy and Law
Chinese Duo Indicted for Laundering $73m in Pig Butchering Case
Two Chinese nationals have been indicted for their alleged involvement in a multimillion-dollar "pig butchering" investment fraud scheme, where they laundered over $73 million through US financial institutions and cryptocurrency wallets. Source: Infosecurity Magazine
May 20, 2024 – General
Too Many ICS Assets are Exposed to the Public Internet
The enterprise attack surface is rapidly expanding due to the convergence of IT and OT systems, leading to a large number of ICS assets being exposed to the public internet and creating new vulnerabilities that security teams struggle to manage. Source: Help Net Security
May 20, 2024 – Policy and Law
US SEC Approves Wall Street Data Breach Reporting Regs
The SEC has approved new regulations that require broker-dealers and investment firms to notify their clients within 30 days of detecting a data breach, in an effort to modernize and enhance the protection of consumers' financial data. Source: Healthcare Infosecurity
May 20, 2024 – Vulnerabilities
AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain
A critical vulnerability in the Jinja2 template rendering Python tool used by the llama_cpp_python package for integrating AI models can allow hackers to execute arbitrary code, putting systems and data at risk. Source: HackRead
May 20, 2024 – Policy and Law
Judge Denies Class Certification in Blackbaud Hack Lawsuit
The judge said the plaintiffs did not show an "administratively feasible" way for the court to determine whether a particular individual is a class member without extensive and individualized fact-finding. Source: Bank Info Security
May 20, 2024 – Malware
Latrodectus Malware Loader Emerges as Potential Replacement for IcedID
Researchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to the IcedID malware, which is capable of deploying additional payloads such as QakBot, DarkGate, and PikaBot. Source: Elastic
May 20, 2024 – Education
The Importance of Access Controls in Incident Response
Adequate IAM policies are essential for incident management tooling to ensure the right people can quickly address issues without being blocked. Authentication verifies a person's identity, while authorization manages permissions and access levels. Source: Help Net Security
May 20, 2024 – Malware
Grandoreiro Banking Trojan is Back With Major Updates
The Grandoreiro banking Trojan has resurfaced with major updates, including enhanced functionality and the ability to target over 1500 global banking applications and websites in more than 60 countries, making it a more potent threat. Source: Info Security Magazine
May 20, 2024 – General
Addressing the Cybersecurity Vendor Ecosystem Disconnect
Experts highlight the need for better collaboration within the cybersecurity vendor ecosystem to help security teams defend against increasing automated, machine-generated cyberattacks. Source: Dark Reading
May 20, 2024 – Botnet
Kinsing Hacker Group Expands its Cryptomining Botnet Network with More Vulnerability Exploits
The Kinsing hacker group has demonstrated its ability to continuously evolve and adapt, quickly integrating newly disclosed vulnerabilities into its exploit arsenal to expand its cryptojacking botnet across various operating systems and platforms. Source: The Hacker News
May 18, 2024 – Attack
Kimsuky Hackers Deploy New Linux Backdoor in Attacks on South Korea
Gomir shares many similarities with GoBear and features direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands. Source: Bleeping Computer
May 18, 2024 – Attack
Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024
Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes for RAT operation, and using HTTPS for C&C communication. Source: Trend Micro
May 18, 2024 – Attack
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
The May 2024 campaign, dubbed UNK_SweetSpecter, employs the SugarGh0st RAT, a remote access trojan tailored from the Gh0stRAT. This variant, historically linked to Chinese-speaking threat actors, has now been repurposed to target AI-related entities. Source: Infosecurity Magazine
May 18, 2024 – Breach
New Backdoors on a European Government’s Network Appear to be Russian
Researchers with the Slovak cybersecurity firm ESET published a technical analysis on Wednesday of the two backdoors by a suspected Russian threat group, which they named LunarWeb and LunarMail. Source: The Record
May 18, 2024 – Malware
New Android Banking Trojan Mimics Google Play Update App
A new Android banking Trojan called "Antidot" is targeting users across multiple regions by mimicking a Google Play update app and incorporating various malicious features like overlay attacks, keylogging, and remote control capabilities. Source: Infosecurity Magazine
May 17, 2024 – General
Is an Open-Source AI Vulnerability Next?
The challenges within the AI supply chain mirror those of the broader software supply chain, with added complexity when integrating large language models (LLMs) or machine learning (ML) models into organizational frameworks. Source: Help Net Security
May 17, 2024 – Policy and Law
SEC to Require Financial Firms to Have Data Breach Incident Plans
The SEC now requires certain financial institutions to have written policies for detecting, addressing, and notifying customers of data breaches involving their personal information. Source: The Record
May 17, 2024 – General
UK Lags Europe on Exploited Vulnerability Remediation
A report from Bitsight revealed that UK organizations are taking significantly longer than their European counterparts to remediate software vulnerabilities listed in the US CISA's Known Exploited Vulnerability (KEV) catalog. Source: Infosecurity Magazine
May 17, 2024 – Solution
OWASP Dep-Scan: Open-Source Security and Risk Audit Tool
OWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks. Source: Help Net Security
May 17, 2024 – Government
New UK System Will See ISPs Benefit From Same Protections as Government Networks
The UK's NCSC has launched a new "Share and Defend" system that will provide internet service providers with the same malicious domain blocklists used to protect government networks, helping to raise cybersecurity resilience across the country. Source: The Record
May 16, 2024 – Criminals
Brothers Arrested for $25 Million Theft in Ethereum Blockchain Attack
Two brothers, Anton Peraire-Bueno and James Peraire-Bueno, were arrested for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. Source: Bleeping Computer
May 16, 2024 – Government
UK: NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks
The Personal Internet Protection (PIP) service aims to provide an additional layer of security to individuals at “high-risk” of cyberattacks like spear-phishing, malware and other threats, ahead of the upcoming election year. Source: The Cyber Express
May 16, 2024 – Solution
Android to Add New Anti-Theft and Data Protection Features Full Text
Abstract
Google is adding new anti-theft and data protection features for Android, including AI-powered screen locks, remote locking, and improved factory reset protection to secure users' data if devices are lost or stolen.Bleeping Computer
May 16, 2024 – Business
Palo Alto Networks is Buying Security Assets From IBM to Expand Customer Base Full Text
Abstract
Palo Alto Networks is acquiring IBM's QRadar cloud security software assets and migrating existing customers to its own Cortex XSIAM platform, as part of a broader partnership that will give Palo Alto access to consultants and a larger customer base.CNBC
May 16, 2024 – Government
Cyber Trust Label Could be in Place by End of the Year, White House Says Full Text
Abstract
The Biden administration plans to have consumer devices labeled with the U.S. Cyber Trust Mark on store shelves by the end of 2024, to help consumers understand security and encourage manufacturers to include basic digital defenses.The Record
May 16, 2024 – Vulnerabilities
Researchers Discover 11 Vulnerabilities in GE Ultrasound Devices Full Text
Abstract
Researchers identified 11 security flaws in certain GE HealthCare ultrasound devices, including the Invenia ABUS 2.0, that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data.Bank Info Security
May 16, 2024 – Solution
Apple and Google Join Forces to Stop Unwanted Tracking Full Text
Abstract
Apple and Google have joined forces to develop an industry specification that will allow users across iOS and Android to be alerted if a Bluetooth tracking device is being used to unknowingly track their location.MalwareBytes
May 16, 2024 – Phishing
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies Full Text
Abstract
Cybercriminals are exploiting the popularity of DocuSign by creating and selling fake email templates and login credentials to enable phishing attacks, blackmail, and business email compromise against targeted companies.Dark Reading
May 16, 2024 – Business
Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure Full Text
Abstract
Alkira, a leader in on-demand network infrastructure as-a-service, has raised $100 million in Series C funding to further expand its innovative platform that simplifies, secures, and scales critical network infrastructure for enterprises.Dark Reading
May 16, 2024 – Vulnerabilities
Google Patches Third Exploited Chrome Zero-Day in a Week Full Text
Abstract
Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week, highlighting the ongoing challenges in securing the popular web browser against sophisticated cyber threats.Bleeping Computer
May 15, 2024 – Encryption
A Cost-Effective Encryption Strategy Starts With Key Management Full Text
Abstract
A cost-effective encryption strategy starts with effective key management, which involves making critical decisions about where to store encryption keys, how to manage them, and how to prepare for the post-quantum future.Dark Reading
May 15, 2024 – Attack
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack Full Text
Abstract
The threat actor, likely located in the Commonwealth of Independent States (CIS), strategically targeted a spectrum of operating systems and computer architectures in the credential harvesting campaign, including Windows and macOS.Infosecurity Magazine
May 15, 2024 – Privacy
FTC Fires ‘Shot Across the Bow’ at Automakers Over Connected-Car Data Privacy Full Text
Abstract
The FTC issued a strong warning to automakers about their data collection and sharing practices, particularly regarding the sale of sensitive geolocation data, and emphasized that it will take enforcement action to protect consumer privacy.The Record
May 15, 2024 – General
Report: Data Breaches in US Schools Exposed 37.6M Records Full Text
Abstract
According to Comparitech, data breaches in US schools have exposed over 37.6 million records since 2005, with a significant surge in 2023 due to vulnerabilities in the MOVEit file transfer software affecting over 800 institutions.Infosecurity Magazine
May 15, 2024 – APT
SideCopy APT Campaign Found Targeting Indian Universities Full Text
Abstract
Active since May 2023, the SideCopy APT campaign targets university students through sophisticated infection chains involving malicious LNK files, HTAs, and loader DLLs disguised as legitimate documents.The Cyber Express
May 15, 2024 – General
Australia: AFL Players Call for Data Protection Overhaul as Concerns Include Drug Test Results Full Text
Abstract
AFL players are concerned about the risk of their personal and sensitive information, such as drug test results and psychologist session notes, being leaked onto the dark web due to inadequate data protection measures.The Guardian
May 15, 2024 – Government
CISA, FBI, and DHS Unveil Cybersecurity Guide For Civil Society Groups Full Text
Abstract
The publication Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses.Infosecurity Magazine
May 15, 2024 – General
AI Is an Expert Liar Full Text
Abstract
AI systems trained to excel at tasks can learn to lie and deceive in order to gain an advantage, posing serious risks to society such as fraud, election tampering, and even the potential loss of human control over AI.Healthcare Info Security
May 15, 2024 – Government
NIST Issues New Guidelines on Protecting Unclassified Data in Government Systems Full Text
Abstract
The NIST issued new guidelines to help federal agencies and their private sector contractors better protect sensitive unclassified information, known as Controlled Unclassified Information (CUI), from cyber threats, particularly supply chain risks.NEXTGOV
May 15, 2024 – Vulnerabilities
Several Vulnerabilities Addressed in Ubuntu 24.04 Full Text
Abstract
Ubuntu 24.04 LTS has addressed several security vulnerabilities, including issues in less, Glibc, Curl, GnuTLS, libvirt, and Pillow, which could potentially lead to denial of service or arbitrary code execution.TuxCar
May 14, 2024 – Vulnerabilities
NHS Digital Hints at Exploit Sightings of Arcserve UDP Vulnerabilities Full Text
Abstract
The UK's National Health Service (NHS) is warning of possible exploitation attempts targeting vulnerabilities in the Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had PoC exploit code released shortly after.The Register
May 14, 2024 – Policy and Law
Vermont Passes Data Privacy Law Allowing Consumers to Sue Companies Full Text
Abstract
Vermont has passed one of the strongest comprehensive data privacy laws in the country, which includes a provision allowing individuals to sue companies for violating their privacy rights.The Record
May 14, 2024 – Vulnerabilities
Apple Backports Fix for Zero-Day Exploited in Attacks to Older iPhones Full Text
Abstract
The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers with arbitrary kernel read and write capability to bypass kernel memory protections.Bleeping Computer
May 14, 2024 – Phishing
Leveraging DNS Tunneling for Tracking and Scanning Full Text
Abstract
Threat actors are using DNS tunneling as a means to scan for network vulnerabilities and check the success of phishing campaigns, according to new research from Palo Alto Networks.Palo Alto Networks
May 14, 2024 – Ransomware
INC Ransomware Source Code Selling on Hacking Forums for $300,000 Full Text
Abstract
The source code of the INC ransomware-as-a-service (RaaS) operation, which has targeted organizations like Xerox Business Solutions, Yamaha Motor Philippines, and Scotland's National Health Service (NHS), is being sold on hacking forums for $300,000.Bleeping Computer
May 14, 2024 – Insider Threat
Insider Threats Maintain a Rising Trend Full Text
Abstract
Insider threats, including dishonest actions to obtain benefits through theft or deception, have seen a significant rise in the past year, driven by factors like rising cost of living, remote work, and the increasing sophistication of fraud tactics.Tripwire
May 14, 2024 – Phishing
Southeast Asian Scam Syndicates Stealing $64 Billion Annually, Researchers Find Full Text
Abstract
Researchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar.The Record
May 14, 2024 – Business
Cyber Insurers Pledge to Help Reduce Ransom Payments Full Text
Abstract
The UK's NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms.Bank Info Security
May 14, 2024 – Education
Why Tokens are Like Gold for Opportunistic Threat Actors Full Text
Abstract
Tokens are valuable assets for threat actors, as they can be easily obtained through various attack methods and provide unauthorized access to corporate systems without requiring multi-factor authentication.Dark Reading
May 14, 2024 – Vulnerabilities
Google Chrome Emergency Update Fixes Sixth Zero-Day Exploited in 2024 Full Text
Abstract
The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application.Bleeping Computer
May 13, 2024 – Government
US and China to Hold Discussions on AI Risks and Security Full Text
Abstract
Biden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were "not focused on promoting any technical cooperation" between the two world superpowers on AI or emerging technologies.Bank Info Security
May 13, 2024 – Government
Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Say Full Text
Abstract
US officials say that a notorious Chinese hacking operation named Volt Typhoon has permanently altered the cyberthreat landscape by moving beyond traditional nation-state espionage goals and instead aiming to cause disruption and sow societal panic.The Record
May 13, 2024 – Breach
‘Russian’ Hackers Deface Potentially Hundreds of Local British News Sites Full Text
Abstract
The group published a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on the sites of titles owned by Newsquest Media Group. There is no evidence the story was reproduced in print.The Record
May 13, 2024 – General
How Secure is the “Password Protection” on Your Files and Drives? Full Text
Abstract
Password protection alone is not enough to securely protect files and drives, as it can be easily circumvented, and hardware-based encryption is recommended for robust data security.Help Net Security
May 13, 2024 – Criminals
Black Basta Ransomware Group’s Worldwide Victim Count Tops 500 Full Text
Abstract
The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies.Infosecurity Magazine
May 13, 2024 – Government
UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Develo Full Text
Abstract
The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DSIT).Infosecurity Magazine
May 13, 2024 – Breach
Russian Hackers Hijack Ukrainian TV to Broadcast Victory Day Parade Full Text
Abstract
Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II.The Record
May 13, 2024 – Malware
GoTo Meeting Software Abused to Deploy Remcos RAT via Rust Shellcode Loader Full Text
Abstract
A recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader.G DATA
May 13, 2024 – Solution
Nmap 7.95 Released With New OS and Service Detection Signatures Full Text
Abstract
Nmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.Help Net Security
May 13, 2024 – Vulnerabilities
Researchers Use MITM Attack to Bypass FIDO2 Phishing-Resistant Protection Full Text
Abstract
The passwordless authentication standard FIDO2 has a critical flaw that allows attackers to launch Man-in-the-Middle (MitM) attacks and bypass authentication, gaining access to users' private areas and potentially removing their registered devices.SILVERFOR
May 11, 2024 – Vulnerabilities
Attack Makes Autonomous Vehicle Tech Ignore Road Signs Full Text
Abstract
Researchers have developed a technique called "GhostStripe" that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles.The Register
May 11, 2024 – APT
‘The Mask’ Espionage Group Resurfaces After 10-Year Hiatus Full Text
Abstract
An advanced persistent threat (APT) group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa.Dark Reading
May 10, 2024 – Business
Telus Acquires Cybersecurity Services Firm Vumetric Full Text
Abstract
Telus announced Tuesday its acquisition of Vumetric Cybersecurity, a Toronto-based cybersecurity provider that specializes in advanced penetration testing designed to identify cyber vulnerabilities and threats to companies across North America.CARTT
May 10, 2024 – Attack
New LLMjacking Attack Uses Stolen Cloud Credentials to Target Cloud-Hosted AI Models Full Text
Abstract
Sysdig researchers discovered evidence of a reverse proxy for LLMs being used to provide access to the compromised accounts, suggesting a financial motivation. However, another possible motivation is to extract LLM training data.sysdig
May 10, 2024 – Attack
Update: Thwarted Cyberattack Targeted Library of Congress in Tandem With October British Library Breach Full Text
Abstract
The Library of Congress was targeted in a cyberattack that occurred in parallel with a high-profile intrusion into the British Library in October 2023 but it was a failed attempt, according to internal documents obtained by Nextgov/FCW.NEXTGOV
May 10, 2024 – Malware
Android Remote Access Trojan Equipped to Harvest Credentials Full Text
Abstract
This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices. This includes the icons of Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter).Sonic Wall
May 10, 2024 – General
Report: Global Ransomware Crisis Worsens Full Text
Abstract
According to NTT Security Holdings’ 2024 Global Threat Intelligence report, ransomware and extortion incidents increased by 67% in 2023, with over 5,000 victims detected or posted across social channels, up from 3,000 in 2022.Help Net Security
May 10, 2024 – Phishing
Monday.com Removes “Share Update” Feature Abused for Phishing Attacks Full Text
Abstract
The phishing emails pretended to come from a "Human Resources" department, asking users to either acknowledge the "organization's workplace sex policy" or submit feedback as part of a "2024 Employee Evaluation."Bleeping Computer
May 10, 2024 – General
Ransomware Attacks Impact 20% of Sensitive Data in Healthcare Orgs Full Text
Abstract
Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against healthcare targets.Help Net Security
May 10, 2024 – Government
CISA Explains Why it Doesn’t Call Out Tech Vendors by Name Full Text
Abstract
The CISA isn’t inclined to call out technology vendors when their fundamental errors impact customers — officials contend they can make a greater impact by discerning and generalizing those mistakes for a broader audience.Cybersecurity Dive
May 9, 2024 – General
How Workforce Reductions Affect Cybersecurity Postures Full Text
Abstract
The Cobalt State of Pentesting Report highlights the challenges faced by the cybersecurity industry in balancing the use of AI and protecting against it, amidst significant workforce reductions and resource constraints.Help Net Security
May 9, 2024 – Attack
Update: Boeing Confirms Attempted $200 Million Ransomware Extortion Attempt Full Text
Abstract
Boeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice.CYBERSCOOP
May 9, 2024 – General
With Nation-State Threats in Mind, Nearly 70 Software Firms Agree to Secure by Design Pledge Full Text
Abstract
The CISA announced the first round of commitments at the RSA Conference on Wednesday, with Director Jen Easterly warning that it was necessary because of widespread hacking campaigns by nation-states like China.The Record
May 9, 2024 – Attack
Poland Says it was Targeted by Russian Military Intelligence Hackers Full Text
Abstract
Poland’s CERT-PL said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU.The Record
May 9, 2024 – General
Generative AI is a Looming Cybersecurity Threat Full Text
Abstract
Researchers have not yet identified any AI-engineered cyberattack campaigns, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.Cybersecurity Dive
May 9, 2024 – Solution
Security Tools Fail to Translate Risks for Executives Full Text
Abstract
CISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations.Help Net Security
May 9, 2024 – Botnet
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Payload Delivery Full Text
Abstract
In the attack chain observed by Juniper Threat Labs, CVE-2023-46805 is exploited to gain access to the "/api/v1/license/key-status/;" endpoint, which is vulnerable to command injection, and inject the payload.Juniper
May 9, 2024 – Government
CISA Extends CIRCIA Rule Comment Period Full Text
Abstract
The CISA will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries.SC Magazine
May 9, 2024 – Vulnerabilities
Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO Full Text
Abstract
Researchers at Pen Test Partners successfully bypassed Azure’s MFA requirement for SSO by changing the user-agent of a browser. They used a browser that resembled Chrome on Linux but encountered an error message stating MFA was required.Hack Read
May 9, 2024 – General
Report: 97% of Organizations Hit by Ransomware Turn to Law Enforcement Full Text
Abstract
According to a new Sophos report, 59% of those organizations that did engage with law enforcement found the process easy or somewhat easy. Only 10% of those surveyed said the process was very difficult.Help Net Security
May 8, 2024 – Business
Blackwell Security Raises $13M in Funding Full Text
Abstract
The healthcare cybersecurity services company intends to use the funds to broaden its offerings, including capabilities such as healthcare threat intelligence and automated response.Finsmes
May 8, 2024 – General
Desperate Taylor Swift Fans Defrauded by Ticket Scams Full Text
Abstract
As reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started on Facebook.Malware Bytes
May 8, 2024 – Business
Akamai to Acquire Noname for $450 Million Full Text
Abstract
Noname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution and accelerate its ability to meet growing customer demand and market requirements as the use of APIs continues to expand.Help Net Security
May 8, 2024 – Malware
zEus Stealer Distributed via Crafted Minecraft Source Pack Full Text
Abstract
Zeus Stealer is designed to steal sensitive information such as passwords and cryptocurrency wallets from infected systems. The attackers utilize the popularity of Minecraft to lure unsuspecting users into downloading and executing the payload.Fortinet
May 8, 2024 – Privacy
BetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing Settlement Full Text
Abstract
Following an investigation into BetterHelp's handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling.Bleeping Computer
May 8, 2024 – Vulnerabilities
Report: Log4J Still Among Top Exploited Vulnerabilities Full Text
Abstract
In a new report, Cato observed that the Log4J exploit represented 30% of the outbound vulnerability exploitations and 18% of the inbound vulnerability exploitations detected in the first quarter of 2024.Infosecurity Magazine
May 8, 2024 – General
Ransomware Operations are Becoming Less Profitable Full Text
Abstract
Ransomware operations are experiencing a decline in profitability due to various factors such as increased cyber resilience of organizations, the availability of decryptors, and more frequent law enforcement actions.Help Net Security
May 8, 2024 – Attack
Update: MITRE Attributes the Recent Attack to China-linked UNC5221 Full Text
Abstract
The attackers exploited two zero-day vulnerabilities in Ivanti Connect Secure to gain initial access to MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) in late December 2023.Security Affairs
May 8, 2024 – Hacker
Scattered Spider Group a Unique Challenge for Cyber Cops, FBI Leader Says Full Text
Abstract
Identified by analysts in 2022, the hackers use social engineering to lure users into giving up their login credentials or one-time password codes to bypass multifactor authentication.The Record
May 8, 2024 – Vulnerabilities
Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins Full Text
Abstract
In April, WPScan observed increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.Bleeping Computer
May 7, 2024 – Business
AT&T Splits Cybersecurity Services Business, Launches LevelBlue Full Text
Abstract
AT&T has split its cybersecurity services business to form a new company called LevelBlue. It includes AT&T's managed security services business, cybersecurity consulting business, and assets from the acquisition of AlienVault in 2018.Dark Reading
May 7, 2024 – Government
Germany Recalls Ambassador to Russia Over Cyberattacks Full Text
Abstract
Germany has recalled its ambassador to Russia in response to alleged Moscow-backed cyberattacks targeting various sectors in Germany, including defense, aerospace, and IT companies, as well as the German Social Democratic Party.The Record
May 7, 2024 – General
Report: Only 45% of Organizations Use MFA to Protect Against Fraud Full Text
Abstract
A report by Ping Identity highlighted the pressing need for enhanced identity protection strategies, as 97% of organizations struggle with identity verification, and 48% lack confidence in defending against AI-related attacks.Help Net Security
May 7, 2024 – Government
White House in Talks With Industry to Build Legal Framework for Software Liability Full Text
Abstract
The White House is engaging with the tech industry to establish a legal framework for software liability as part of a broader cybersecurity strategy, aiming to incentivize software developers to create products without exploitable security flaws.NextGov
May 7, 2024 – General
DBIR: Supply Chain Breaches up 68% Year Over Year Full Text
Abstract
According to Verizon's latest Data Breach Investigations Report (DBIR), supply chain breaches increased by 68% year-over-year, primarily due to software vulnerabilities exploited in ransomware and extortion attacks.Dark Reading
May 7, 2024 – Cryptocurrency
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering Full Text
Abstract
The U.S. Department of Justice stated that BTC-e was a primary method for cybercriminals to transfer and launder illegal proceeds. Vinnik's actions led to a loss of at least $121 million through BTC-e.The Record
May 7, 2024 – Business
Synopsys to Sell its Software Integrity Business to Clearlake Capital and Francisco Partners Full Text
Abstract
After the transaction, the business will operate independently as an application security testing software provider, with the current management team expected to lead the new entity.Finsmes
May 7, 2024 – Government
US Sets Sights on Partnerships to Counter Cyberthreats, Secure AI in New Global Cyber Strategy Full Text
Abstract
The new strategy of the U.S. government aims to defend against cyberattacks on critical infrastructure, prevent surveillance misuses, and promote digital solidarity among global partners.NextGov
May 7, 2024 – Criminals
Dangerous Scammers From the Yahoo Boys Group Operate Openly on Social Media Full Text
Abstract
The Yahoo Boys, a group of scammers primarily based in West Africa, openly operate on various social media platforms like Facebook, WhatsApp, and Telegram, engaging in fraudulent activities that range from romance fraud to business email compromise.Ars Technica
May 7, 2024 – Government
Krebs, Luber Added to Cyber Safety Review Board Full Text
Abstract
The Cyber Safety Review Board (CSRB) has added four new members, including Chris Krebs, former Director of the CISA, and David Luber, head of the NSA's Cybersecurity Directorate.CYBERSCOOP
May 6, 2024 – APT
NiceCurl and TameCat Custom Backdoors Leveraged by Damselfly APT Full Text
Abstract
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively using custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines.Broadcom
May 6, 2024 – Business
Belgium’s Aikido Lands $17M Series A for its Security Platform Aimed at Developers Full Text
Abstract
Aikido, a startup based in Ghent, Belgium, has secured a $17 million Series A funding to develop its innovative security platform tailored for developers. The round was led by Singular, with participation from Notion Capital and Connect Ventures.Yahoo
May 6, 2024 – Malware
HijackLoader Evolves with New Evasion Techniques Full Text
Abstract
HijackLoader is a modular malware loader that is used to deliver second-stage payloads including Amadey, Lumma Stealer, Racoon Stealer v2, and Remcos RAT. HijackLoader decrypts and parses a PNG image to load the next stage.Zscaler
May 6, 2024 – Breach
Russian GRU Hackers Compromised German, Czech Targets Full Text
Abstract
The German and Czech governments have publicly disclosed that Russian military intelligence hackers, known as APT28, have been involved in an espionage campaign targeting political parties and critical infrastructure in both countries.Bank Info Security
May 6, 2024 – General
Organizations Patch CISA KEV List Bugs 3.5 Times Faster Than Others, Researchers Find Full Text
Abstract
The median time to patch bugs listed in the CISA's Known Exploited Vulnerabilities (KEV) catalog is 174 days, compared to 621 days for non-KEV vulnerabilities, according to an analysis by Bitsight.The Record
May 6, 2024 – Breach
Finland Warns of Android Malware Attacks Breaching Bank Accounts Full Text
Abstract
Finland's Transport and Communications Agency (Traficom) highlighted multiple cases of SMS messages written in Finnish that instruct recipients to call a number. The scammer who answers the call instructs victims to install a McAfee app for protection.Bleeping Computer
May 6, 2024 – General
Ransom Recovery Costs Reach $2.73 Million Full Text
Abstract
Ransom recovery costs have surged, with the average payment reaching $2 million, a 500% increase from the previous year. Excluding ransoms, the average cost of recovery has risen to $2.73 million, up by almost $1 million, according to Sophos.Help Net Security
May 6, 2024 – Criminals
Law Enforcement Seized LockBit Group’s Website Again Full Text
Abstract
Law enforcement authorities seized the LockBit group's Tor website again, and they plan to reveal the identities of the LockBitSupps and other gang members on May 7, 2024.Security Affairs
May 6, 2024 – Business
LayerX Raises $26 Million for its Browser Security Platform Full Text
Abstract
The Israeli startup founded in 2022 by Or Eshed and David Weisbrot has raised $26 million in Series A funding. This round, led by Glilot+ and with participation from Dell Technologies Capital, brings LayerX's total investment to $34 million.CALCALIST
May 6, 2024 – General
CISA Warned 1,750 Organizations of Ransomware Vulnerabilities Last Year. Only Half Took Action. Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency sent out alerts to critical infrastructure sectors, with only 852 organizations responding by patching, implementing controls, or taking devices offline.Cybersecurity Dive
May 4, 2024 – Attack
Ukraine Records Increase in Financially Motivated Attacks by Russian Hackers Full Text
Abstract
These hackers are employing sophisticated phishing techniques to distribute malicious software and target financial theft, with incidents steadily increasing over the past two years.The Record
May 4, 2024 – Government
CISA Urges Software Devs to Weed out Path Traversal Vulnerabilities Full Text
Abstract
Path traversal vulnerabilities, also known as directory traversal, can be exploited by attackers to manipulate critical files, compromise security mechanisms, access sensitive data, and disrupt systems.Bleeping Computer
May 4, 2024 – Vulnerabilities
Android Bug can Leak DNS Traffic With VPN Kill Switch Enabled Full Text
Abstract
The Android bug discovered by a Mullvad VPN user reveals that Android devices can leak DNS queries even with the "Always-on VPN" feature and "Block connections without VPN" option enabled.Bleeping Computer
May 3, 2024 – Vulnerabilities
“Dirty Stream” Attack Affects Popular Android Apps Full Text
Abstract
A vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app's home directory, potentially leading to code execution and unauthorized access to user data.Microsoft
May 3, 2024 – Vulnerabilities
More Than Two Dozen Android Vulnerabilities Fixed Full Text
Abstract
Xiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access.The Register
May 3, 2024 – Phishing
North Korean Hackers Spoofing Journalist Emails to Spy on Experts Full Text
Abstract
North Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs.Infosecurity Magazine
May 3, 2024 – Business
DeepKeep Secures $10M in Seed Funding to Boost GenAI Protection Endeavors Full Text
Abstract
Founded in 2021 by Rony Ohayon, DeepKeep specializes in AI-Native Trust, Risk, and Security Management (TRiSM). The platform caters to large corporations reliant on AI, GenAI, and LLM technologies for risk management and growth protection. Medium
May 3, 2024 – Solution
reNgine: Open-Source Automated Reconnaissance Framework for Web Applications Full Text
Abstract
Developed to address limitations in existing tools, reNgine is beneficial for bug bounty hunters, penetration testers, and corporate security teams by automating and enhancing their information collection processes. Help Net Security
May 3, 2024 – Policy and Law
Cybersecurity Consultant Arrested After Allegedly Extorting IT Firm Full Text
Abstract
Vincent Cannady, a former cybersecurity consultant, was arrested for allegedly extorting a publicly traded IT company by threatening to disclose confidential data unless they paid him $1.5 million. Bleeping Computer
May 3, 2024 – Policy and Law
REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison Full Text
Abstract
Yaroslav Vasinskyi, a 24-year-old Ukrainian national and affiliate of the notorious REvil ransomware-as-a-service (RaaS) group, has been sentenced to 13 years and 7 months in prison by a US court. Infosecurity Magazine
May 2, 2024 – Denial Of Service
Hackers Target New NATO Member Sweden with Surge of DDoS Attacks Full Text
Abstract
Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO, according to network performance management provider Netscout. Infosecurity Magazine
May 2, 2024 – Policy and Law
Finnish Psychotherapy Center Cyber-Blackmailer Gets Six Years Full Text
Abstract
The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts. The Register
May 2, 2024 – Botnet
New Goldoon Botnet Targeting D-Link Devices Using Decade-Old Flaw Full Text
Abstract
This botnet exploits the CVE-2015-2051 flaw to download a dropper script, and then deploys the Goldoon malware for DDoS attacks. The botnet uses various autorun methods for persistence and connects to a C2 server for instructions. Fortinet
May 2, 2024 – Government
CISA Adds GitLab Flaw to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
This flaw allows for an account takeover via Password Reset, enabling attackers to hijack accounts without any interaction. The affected versions range from 16.1 to 16.7, with GitLab releasing patches for versions 16.1.6 to 16.7.2. Security Affairs
May 2, 2024 – Government
NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms Full Text
Abstract
The initiative is designed to mitigate the threat of consumer-grade devices being targeted by commercial spyware, potentially enabling sophisticated threat actors to use these as a stepping stone into back-end corporate systems and data. Infosecurity Magazine
May 2, 2024 – Vulnerabilities
HPE Aruba Networking Fixes Four Critical RCE Flaws in ArubaOS Full Text
Abstract
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. Bleeping Computer
May 2, 2024 – Ransomware
LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 Full Text
Abstract
LockBit, Black Basta, and Play have been observed to be the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity, according to a report by ReliaQuest. Infosecurity Magazine
May 2, 2024 – Vulnerabilities
Vulnerability Exploits Triple as Initial Access Point for Breaches Full Text
Abstract
According to Verizon’s 2024 Data Breach Investigations Report, this method of gaining unauthorized access leading to a breach accounted for 14% of the ways malicious actors got into a network. It is the third most used after credential theft and phishing. Infosecurity Magazine
May 2, 2024 – Business
SafeBase Raises $33M in Series B to Accelerate Vision for Friction-Free Security Reviews Full Text
Abstract
Elisity, a leader in identity-based microsegmentation, has secured $37 million in Series B funding from Insight Partners to enhance its AI capabilities for cyber threat anticipation. Yahoo
May 2, 2024 – General
AI is Creating a New Generation of Cyberattacks Full Text
Abstract
Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea. Help Net Security
May 1, 2024 – Business
Island Raises $175 Million at $3 Billion Valuation Full Text
Abstract
The $175 million Series D funding round for Island was led by new investor Coatue and existing investor Sequoia Capital, with additional funding from other existing investors. Help Net Security
May 1, 2024 – Malware
New Cuttlefish Malware Infects Routers to Monitor Traffic for Credential Theft Full Text
Abstract
Black Lotus Labs says the malware has been active since at least July 2023. It is currently running an active campaign concentrated in Turkey, with a few infections elsewhere impacting satellite phone and data center services. Bleeping Computer
May 1, 2024 – Government
CISA Unveils Guidelines for AI and Critical Infrastructure Full Text
Abstract
The CISA on Monday released safety and security guidelines for critical infrastructure, a move that comes just days after the Department of Homeland Security announced the formation of a safety and security board focused on the same topic. FEDSCOOP
May 1, 2024 – Malware
New Wpeeper Android Malware Hides Behind Hacked WordPress Sites Full Text
Abstract
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. Bleeping Computer
May 1, 2024 – Vulnerabilities
Programming Language R Patches Code Execution Security Flaw Full Text
Abstract
The vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base. The Register
May 1, 2024 – Vulnerabilities
Patched Deserialization Flaw in Siemens Product Allows RCE Full Text
Abstract
Researchers detailed a deserialization vulnerability in Siemens software used to monitor industrial energy consumption and attributed the flaw to the German conglomerate's decision to use a programming method that has known security risks. Healthcare Info Security
May 1, 2024 – Malware
New Latrodectus Malware Attacks Use Microsoft, Cloudflare Themes Full Text
Abstract
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. Bleeping Computer
May 1, 2024 – Outage
Belarus Secret Service Website Still Down After Hackers Claim the Breach Full Text
Abstract
The hackers, known as the Belarusian Cyber-Partisans, announced their operation against the KGB late last week. The agency has not commented on the attack, but on Monday its website said that it is “in the process of development.” The Record