Latest Cybersecurity News and Articles


DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

04 June 2024
Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have been observed in version 6 of DarkGate released in March 2024 by its developer RastaFarEye, who

39% of MSPs say adapting to new technologies is their biggest challenge

04 June 2024
39% of MSPs state that their greatest challenge is keeping up with emerging cybersecurity solutions and technologies.

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

03 June 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized

49% of organizations feel somewhat prepared to handle a breach

03 June 2024
A report found that insufficient or ineffective cybersecurity training and resources are the two biggest items missing from a cybersecurity approach.

A new malicious email campaign uses piano-themed scams to lure targets

03 June 2024
Piano-themed messages are being sent to lure targets into falling for an email scam. 

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

03 June 2024
Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It has been downloaded 175 times to date. Software supply chain security

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

03 June 2024
Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, Veron over the past few years, according to a video released by the agencies. "Who is he working with? What is his

Research discovers the 25 most hacked pop culture passwords

03 June 2024
New research reveals the most hacked pop culture passwords in 2024.

SASE Threat Report: 8 Key Findings for Enterprise Security

03 June 2024
Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise. Cato’s Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

03 June 2024
Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

03 June 2024
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks," the AhnLab Security Intelligence Center (ASEC) said in a report

Security leaders respond to the cyberattack on Christie’s

03 June 2024
Security leaders respond to the claim that a ransomware group has accessed the data of at least 500,000 of Christie’s customers globally.

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

02 June 2024
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware," cybersecurity firm eSentire said in a new report. "In April 2024, we observed FakeBat being distributed

Live Nation investigating data breach of its US Ticketmaster unit

01 June 2024
Cybercrime group ShinyHunters said it had stolen data of 500m customers of concert promoter’s ticketing arm. Live Nation Entertainment said it is investigating a data breach at its Ticketmaster unit that it discovered on 20 May, the latest in a string of high-profile corporate hacks in the past year. In a filing with the US Securities and Exchange Commission, Live Nation said it had found “unauthorised activity” in a third-party cloud database that mainly contained Ticketmaster data, and was working with forensic investigators.

AI Company Hugging Face Notifies Users of Suspected Unauthorized Access

01 June 2024
Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for users to create, host, and share AI and machine learning (ML) applications. It also functions as a

Ticketek customer details exposed in cyber security breach

31 May 2024
Clare O’Neil says incident affecting many Australians but appears restricted to the release of names, dates of birth and email addresses. Ticketek has been hit by a “cyber incident” with personal information of Australian customers stolen from a third-party global cloud-based platform. The cybersecurity minister, Clare O’Neil, said late on Friday night the breach was “affecting many Australians” but appeared restricted to the release of names, dates of birth and email addresses.

Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

31 May 2024
More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a single internet service provider (ISP) in the U.S., has been codenamed Pumpkin

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

31 May 2024
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said.

Beyond Threat Detection – A Race to Digital Security

31 May 2024
Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has made ‘digital content’ the preferred carrier for cybercriminals

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

31 May 2024
The Russian GRU-backed threat actor APT28 has been identified as the actor behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with