Latest Cybersecurity News and Articles


Fake AWS Packages Ship Command and Control Malware in JPEG Files

17 July 2024
The two malicious packages, img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy, were downloaded 190 and 48 times, respectively, before being removed by npm security.

Ransomware Leak Site Posts Jumped 20% in Q2

17 July 2024
According to ReliaQuest, ransomware incidents surged in Q2, with 1,237 organizations listed on data leak sites, a 20% increase from Q1. U.S. businesses were hit the hardest, accounting for over half of the victims.

JPCERT/CC Warns of MirrorFace Attacks Against Japanese Organizations

17 July 2024
Initially, the targets of MirrorFace were media, political organizations, think tanks, and universities, but by 2023, the focus shifted to manufacturers and research institutions.

ChatGPTriage: How can CISOs See and Control Employees’ AI Use?

17 July 2024
Building a database of AI destinations and capturing employee activity are essential steps in gaining visibility. Monitoring user prompts, responses, and data exchanged with AI models is crucial for understanding employee behavior.

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

17 July 2024
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second

Well-Established Cybercriminal Ecosystem Blooms in Iraq

17 July 2024
Researchers have uncovered a well-established cybercriminal ecosystem connected to a Telegram bot, with over 90,000 Arabic messages dating back to 2022, enabling a sophisticated network offering social media manipulation and financial theft services.

Kubernetes Exposed: Exploiting the Kubelet API

17 July 2024
Real-world attacks have been observed where attackers target the Kubelet API to steal secrets and gain control over clusters. Various techniques, such as environment discovery, network scanning, and secrets collection, have been utilized by hackers.

Beware of BadPack: One Weird Trick Being Used Against Android Devices

17 July 2024
BadPack is an APK file intentionally packaged in a malicious way. In most cases, this means an attacker has maliciously altered header information used in the compressed file format for APK files.

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

17 July 2024
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

17 July 2024
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

83% of cybersecurity managers are looking into AI

16 July 2024
According to a report, 73% of life sciences companies are turning to artificial intelligence (AI) to address the cybersecurity skills gap.

HR-Themed Phishing Campaign Targets Employees to Steal Microsoft Credentials

16 July 2024
In a recent phishing attempt, Cofense researchers spotted an email disguised as a communication from a company's HR department, prompting recipients to review an updated employee handbook.

Facebook Ads for Windows Desktop Themes Push Info-Stealing Malware

16 July 2024
The threat actors take out ads for Windows themes, free game downloads, and software cracks for apps like Photoshop and Microsoft Office. These ads are shared through new or hijacked Facebook business pages.

Void Banshee Targets Windows Users Through MSHTML Flaw to Spread Atlantida Stealer

16 July 2024
Trend Micro observed the vulnerability, CVE-2024-38112, in May 2024 being exploited as part of a multi-stage attack chain that uses internet shortcut files. The campaign has been active throughout 2024.

SEXi Ransomware Rebrands as 'APT Inc.,' Retains Prior Extortion Tactics

16 July 2024
The cybercrime group known as SEXi ransomware, now operating as APT Inc., has been targeting organizations since February. They use a leaked Babuk encryptor for VMware ESXi servers and LockBit 3 encryptor for Windows servers.

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

16 July 2024
Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of

Attackers Exploit URL Protections to Disguise Phishing Links

16 July 2024
Phishing campaigns are utilizing three different URL protection services to disguise phishing URLs and trick victims into giving up their credentials. These attacks have targeted numerous companies already.

ShadowRoot Ransomware Targets Turkish Businesses

16 July 2024
The attackers target Turkish businesses with this ransomware campaign, distributing it via email addresses like Kurumsal[.]tasilat[@]internet[.]ru. The malware payload is hosted on a compromised GitHub account.

Ascend to new heights at GSX 2024

16 July 2024
At GSX, leaders will immerse themselves in a nexus of timely insights, forecasting the ominous trends that loom on the horizon.

HardBit Ransomware Version 4.0 Supports New Obfuscation Techniques

16 July 2024
To ensure victims cannot recover encrypted files easily, the ransomware deletes the Volume Shadow Copy Service (VSS) and makes adjustments to the boot configuration to prevent errors upon restart.