Infosecurity News
Published Vulnerabilities Surge by 43%
Forescout highlighted a 43% increase in published vulnerabilities in H1 2024, with attackers targeting flaws in VPNs and network infrastructure for initial access
Russian Hackers Use Commercial Spyware Exploits to Target Victims
In a campaign targeting Mongolian government websites, Russian-backed APT29 leveraged exploits previously used by spyware vendors NSO Group and Intellexa
North Korean Hackers Launch New Wave of npm Package Attacks
North Korean groups exploited npm packages in coordinated attacks, targeting developers and cryptocurrency wallet browser extensions
BlackByte Adopts New Tactics, Targets ESXi Hypervisors
BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines
Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant
Surge in New Scams as Pig Butchering Dominates
Chainalysis report reveals a likely increase in new internet scams this year as fraudsters adapt to increasing enforcement efforts
Iranian Hackers Secretly Aid Ransomware Attacks on US
CISA and the FBI warned that Iranian APT group, Fox Kitten, has helped ransomware groups to attack US organizations since 2017
IT Engineer Charged For Attempting to Extort Former Employer
A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer
Ransomware Attacks Exposed 6.7 Million Records in US Schools
Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
LummaC2, a C-based MaaS tool first identified in 2022, has resurfaced to exfiltrate credentials and personal data
Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor
The hacking subsidiary of the Iranian Islamic Revolutionary Guard Corps (RGC) has targeted satellite, communications, oil and gas and government sectors in the US and UAE
Money Laundering Dominates UK Fraud Cases
KPMG research finds money laundering accounted for the majority of fraud cases heard in the first half of 2024
South Korean Spies Exploit WPS Office Zero-Day
ESET uncovers a South Korean cyber-espionage campaign featuring a zero-day exploit for WPS Office
Microsoft 365 Copilot Vulnerability Exposes User Data Risks
The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection
MOVEit Hack Exposed Personal Data of Half Million TDECU Users
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members
FBI Flawed Data Handling Raises Security Concerns
A US Justice Department watchdog has found “significant weaknesses” in the FBI’s physical and online media storage and disposal processes
Suspected Cyber-Attack Causes Travel Chaos at Seattle Airport
The Port of Seattle revealed system outages at the city’s airport may have been caused by a cyber-attack, affecting early Labor Day travel
Uber Hit With €290m GDPR Fine
The Dutch data protection regulator has imposed a €290m GDPR fine on Uber for storing driver data in the US without adequate safeguards
A Third of Organizations Suffer SaaS Data Breaches
AppOmni report claims number of companies suffering SaaS-related data breaches has jumped five percentage points over past year
Newly Discovered Group Offers CAPTCHA-Solving Services to Cybercriminals
Greasy Opal is a Czech Republic-based hacking group selling products that can be used for deploying cyber-attacks
