Latest Cybersecurity News and Articles


Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

23 April 2024
European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms. "Privacy measures currently being rolled out, such as end-to-end encryption, will stop tech companies

German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

23 April 2024
German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but they include Herwig F., Ina F., and Thomas R. "The suspects are strongly suspected of working for a Chinese secret service since an unspecified

Feds Issue Guide for Change Health Breach Reporting Duties

23 April 2024
HHS' Office for Civil Rights in new "frequently asked questions" guidance issued Friday night said it has not yet received breach reports from Change Healthcare, UHG, or any other affected covered entities pertaining to the incident.

GitLab Affected by GitHub-Style CDN Flaw Allowing Malware Hosting

23 April 2024
Similar to a recently reported issue in GitHub, users can abuse the "comments" feature in GitLab to upload malware to any repository without the repository owner's knowledge.

Cloud Console Cartographer: Open-Source Tool Helps Security Teams Transcribe Log Activity

23 April 2024
Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment.

GitHub Comments Abused to Push Malware via Microsoft Repository URLs

23 April 2024
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy.

Majority of Businesses Worldwide are Implementing Zero Trust, Gartner Finds

23 April 2024
Almost two-thirds of organizations across the globe have either fully or partially implemented zero-trust strategies, according to a report released Monday by Gartner based on a survey of 303 security leaders.

Uncertainty is the Most Common Driver of Noncompliance

23 April 2024
Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty about how to be compliant, according to a survey by Gartner.

Researchers Warn Windows Defender Attack can Delete Databases

23 April 2024
Researchers at US-Israeli infosec outfit SafeBreach recently discussed flaws in Microsoft and Kaspersky endpoint security products that can potentially allow the remote deletion of files.

Cyber Insurance Gaps Stick Firms With Millions in Uncovered Losses

23 April 2024
The majority of companies, 4 in 5, have suffered a cyberattack that wasn’t fully covered under their cyber insurance policy, according to an analysis by cyber risk quantification firm CYE.

Sharp Stealer: New Info-stealer Malware Targets Gamers, Crypto Enthusiasts

23 April 2024
The malware does not try to hide its presence in the system from antivirus programs and has not gained much popularity in the underground yet, indicating that it is a new player in the market.

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

23 April 2024
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediate family members of those involved in such businesses. "These individuals have facilitated or derived financial benefit from the misuse of this technology, which

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

23 April 2024
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

22 April 2024
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

22 April 2024
Androxgh0st operators are exploiting multiple CVEs, including CVE-2021-3129 and CVE-2024-1709, to deploy a web shell on vulnerable servers, granting remote control capabilities. Evidence also suggests active web shells associated with CVE-2019-2725.

Dependency Confusion Vulnerability Found in Apache Project

22 April 2024
The exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers.

Change the law on computer evidence with an amendment to data protection bill | Letter

22 April 2024
A group of software experts and barristers who have been supporting the subpostmasters affected by the Post Office Horizon miscarriages of justice call for changes to the bill going through the House of Lords. It is now clear that the Post Office was advised by its lawyers to delay disclosing some evidence that would help subpostmasters (Post Office was urged by external lawyers to ‘suppress’ key document, inquiry hears, 18 April). Failure to disclose vital evidence about the defects in the Horizon IT system led to appalling injustice. We suggest that the data protection and digital information bill that is currently before parliament should be amended to require that a person seeking to rely on computer evidence should have to declare on oath that, having made the necessary inquiries, they know of no reason why it should not be relied on. Martyn Thomas, Emeritus professor, Gresham College; Harold Thimbleby, Emeritus professor, Gresham College; Bev Littlewood, Emeritus professor, City, University of London; Martin Newby, Emeritus professor, City, University of London; Paul Marshall, Barrister; Stephen Mason, Barrister; James Christie

Malicious PyPI Package Attacking Discord Users to Steal Credentials

22 April 2024
A malicious PyPI package named "discordpy_bypass-1.7" was detected on March 12, 2024. This package is designed to extract sensitive information from user systems using a blend of persistence techniques, browser data extraction, and token harvesting.

From Water to Wine: An Analysis of WINELOADER

22 April 2024
A recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware.

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

22 April 2024
The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in