Latest Cybersecurity News and Articles


A Single Cloud Compromise Can Feed an Army of AI Sex Bots

03 October 2024
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

03 October 2024
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,

10% of IT professionals have zero visibility measures

03 October 2024
A report found that 44% of IT security professionals rely on manual logging for service account visibility, while 10% admit to no visibility measures at all.

CISA releases threat response guide for K-12 schools

03 October 2024
The CISA has released a new resource to assist K-12 schools establish tailored approaches to threat management. 

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

03 October 2024
INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune

LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort

03 October 2024
A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

03 October 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

02 October 2024
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial

Sellafield ordered to pay nearly £400,000 over cybersecurity failings

02 October 2024
Sellafield ordered to pay nearly £400,000 over cybersecurity failings Nuclear waste dump in Cumbria pleaded guilty to leaving data that could threaten national security exposed for four years, says regulatorSellafield will have to pay almost £400,000 after it pleaded guilty to criminal charges over years of cybersecurity failings at Britain’s most hazardous nuclear site.The vast nuclear waste dump in Cumbria left information that could threaten national security exposed for four years, according to the industry regulator, which brought the charges. It was also found that 75% of its computer servers were vulnerable to cyber-attack. Continue reading...

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

02 October 2024
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

02 October 2024
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

02 October 2024
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

Microsoft Alert: New INC Ransomware Targets US Healthcare

02 October 2024
As per a recent Microsoft alert, a threat actor with malicious financial motives has been observed leveraging a new INC ransomware strain to target the health sector in the United States (US).

Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04

02 October 2024
Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely-used distributed version control system.

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

02 October 2024
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,

90% of U.S. companies admit to using AI in some capacity

02 October 2024
The use of artificial intelligence (AI) by information technology (IT) professionals in the U.S. was analyzed in a recent report by GetApp. 

5 Must-Have Tools for Effective Dynamic Malware Analysis

02 October 2024
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

02 October 2024
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a

Community Clinic of Maui says 123,000 affected by May cyberattack

02 October 2024
The clinic said the hackers had access to personal data between May 4 and May 7, stealing information including Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates.

Evil Corp hit with new sanctions, BitPaymer ransomware charges

02 October 2024
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks.