Latest Cybersecurity News and Articles

---

Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions

The threat actor behind the fake e-shop campaign leverages tools such as the open-source string obfuscator “Paranoid” and the Janus WebRTC module, showcasing a deep understanding of technological intricacies to evade detection and amplify impact.

---

No 10 tells MPs to be cautious about unsolicited messages after attempted ‘honeytrap’

Message comes as pressure builds on Tories to take disciplinary action against MP William WraggUK politics – latest updatesDowning Street has urged MPs to be cautious when responding to unsolicited messages, after the “spear-phishing” attack that targeted more than a dozen MPs, staff and journalists working in Westminster.Number 10 issued the warning on Monday morning, days after two police forces launched an investigation into what is being described as an attempted “honeytrap”. Continue reading...

---

Hotel Check-In Terminal Leaks Rafts of Guests' Room Codes

Martin Schobert at Swiss security firm Pentagrid discovered that an attacker could input a series of six consecutive dashes (------) in place of a booking reference number and the terminal would return an extensive list of room details.

---

Fake Facebook MidJourney AI Page Promoted Malware to 1.2 Million People

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.

---

Google Sues Crypto Investment App Makers Over Alleged Massive “Pig Butchering” Scam

Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.

---

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox

---

Hackers can Use AI Hallucinations to Spread Malware

One security researcher investigating AI-hallucinated libraries said late last month that he found chatbots calling for a nonexistent Python package dubbed "huggingface-cli."

---

Security leaders discuss the U.S. Treasury's concerns regarding AI

The U.S. Department of the Treasury released a report regarding cybersecurity threats in the financial sector, specifically related to AI. 

---

Over 92,000 Internet-Facing D-Link NAS Devices can be Easily Hacked

A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link NAS device models.

---

US Chamber of Commerce, Industry Groups Call for 30-Day Delay in CIRCIA Rules

The U.S. Chamber of Commerce and multiple industry leaders are calling for a month-long extension of the 60-day comment period for a new incident reporting rule being issued by the top cybersecurity agency in the U.S.

---

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve

---

The Drop in Ransomware Attacks in 2024 and What it Means

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure

---

Permiso Secures $18.5 Million in Series A Funding to Fortify Cloud Identity Security Landscape

According to Silicon Angle, this significant injection of capital is spearheaded by Altimeter Capital Management LP, with notable participation from Point72 Ventures LLC, marking a new milestone for the company founded in 2020.

---

UK: Police Launch Inquiry After MPs Targeted in Apparent ‘Spear-Phishing’ Attack

A police investigation has been launched after MPs were apparently targeted in a “spear-phishing” attack, in what security experts believe could be an attempt to compromise the UK Parliament.

---

Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.

---

Persistent Magento Backdoor Hidden in XML

Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware.

---

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email

---

Google Sues App Developers Over Fake Crypto Investment App Scam

Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka

---

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of

---

Phishing Attacks Targeting Political Parties, Germany Warns

"An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents," a BSI spokesperson told Information Security Media Group.