Latest Cybersecurity News and Articles


Ongoing DEV#POPPER Malware Campaign Expands Targeting

05 August 2024
The attackers, posing as interviewers, urge candidates to download a ZIP file containing malware. The campaign has targeted victims in South Korea, North America, Europe, and the Middle East.

Cisco Investments Backs Anti-Ransomware Firm Halcyon

05 August 2024
Cisco Investments has invested in Halcyon, an anti-ransomware company, to enhance its platform and reduce ransomware risks to zero. The investment amount remains undisclosed, but Halcyon has raised a total of $90 million so far.

New Tech, Personnel Will Help CISA with Coming Rush of Cyber Incident Reports

05 August 2024
CISA is working to comply with the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires critical infrastructure providers to report cybersecurity incidents and ransomware attacks within specific timeframes.

New NSA AI-powered Tool Would Help Industry Optimize Cyber Defense Testing

05 August 2024
The Autonomous Penetration Testing platform would replace much of the laborious, manual process of such testing, where organizations use vulnerability scanning tools and other methods to measure the robustness of their cyberdefenses against hackers.

Threat Actor Abuses Trial Feature for Cloudflare Tunnels to Deliver RATs

05 August 2024
Hackers are exploiting the free TryCloudflare service to distribute remote access trojans (RATs) like AsyncRAT, GuLoader, and Remcos RAT. This activity was first detected in February and has been linked to campaigns targeting various industries.

Critical Infrastructure Group Launches Effort to Aid Federal Agencies’ Cyber Defenses

05 August 2024
The Center for Federal Civilian Executive Branch Resilience, launched by the Institute for Critical Infrastructure Technology, aims to enhance standards and procedures for protecting government agencies from cybercriminals and nation-state hackers.

Increased Botnet Activity Against Apache OFBiz Exploiting CVE-2024-32113

05 August 2024
The open-source ERP framework OFBiz is being targeted by the Mirai botnet due to a critical directory traversal vulnerability that allows for remote command execution. This vulnerability was patched in May for versions before 18.12.13.

Fighting Ursa Luring Targets With Car for Sale

05 August 2024
APT28, a Russia-linked threat actor (also known as Fighting Ursa, Fancy Bear, and Sofacy), has been identified in a campaign using a car sale phishing lure to deliver the HeadLace Windows backdoor to target diplomats since March 2024.

Newly Identified BITSLOTH Backdoor Uses Novel C2 Communication Channel

05 August 2024
A new Windows backdoor named BITSLOTH has been discovered by cybersecurity researchers. This malware exploits the Background Intelligent Transfer Service (BITS) for stealthy communication, making it difficult to detect.

FBI Warns of Scammers Posing as Crypto Exchange Employees

05 August 2024
These fraudsters contact victims through phone calls or messages, posing as representatives of legitimate crypto exchanges, and create a sense of urgency by claiming security issues or hack attempts on the victims' accounts.

Airlines are Flying Blind on Third-Party Risks

05 August 2024
Airlines are facing challenges with third-party risks in their supply chain. Recent revelations regarding risks in Boeing's supply chain have emphasized the importance of measuring and mitigating these risks, according to SecurityScorecard.

Germany Summons Chinese Ambassador Over Cyberattack on Cartography Agency

05 August 2024
Germany has summoned the Chinese ambassador over a cyberattack by a Beijing-backed threat actor on a cartography agency. The attack, aimed at espionage, was carried out at the end of 2021.

US Senate Panel Advances Cyber Regulatory Harmonization Bill

05 August 2024
The Streamlining Federal Cybersecurity Regulations Act, led by senators Gary Peters and James Lankford, would create an interagency group to synchronize U.S. cyber regulatory regimes and establish a pilot program for testing new frameworks.

New Discord DDoS Campaign Called Panamorfi Targets Vulnerable Jupyter Notebooks

05 August 2024
Hackers are targeting misconfigured Jupyter Notebooks using a repurposed Minecraft DDoS tool known as mineping. The attack, dubbed Panamorfi, involves utilizing a Java tool to launch a TCP flood DDoS attack against vulnerable Jupyter Notebooks.

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

05 August 2024
A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol (CIP) programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 score of 8.4. "A vulnerability exists in the affected products that allows a threat actor to

New Android Trojan "BlankBot" Targets Turkish Users' Financial Data

05 August 2024
Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information. "BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with a control server over a WebSocket connection," Intel 471 said in an analysis published last week.

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

05 August 2024
The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. Evasive Panda, also known by the names Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that's been active since at least 2012,

Minister apologises for Northern Ireland special education needs data breach

03 August 2024
Paul Givan says individuals concerned contacted after details of more than 400 people mistakenly sent out. The education minister in Northern Ireland has “unreservedly” apologised after the personal details of more than 400 people who had offered to contribute to a review of special education needs were breached. The embarrassing data breach came to light on Thursday after the education department said it had mistakenly sent to 174 people a spreadsheet attachment that contained the names, email addresses and titles of 407 individuals who had expressed an interest in attending the end-to-end review of special education needs (SEN) events across Northern Ireland.

DOJ and FTC Sue TikTok for Violating Children's Privacy Laws

03 August 2024
The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others on the service. They

Attacks on Bytecode Interpreters Conceal Malicious Injection Activity

03 August 2024
This type of attack, known as Bytecode Jiu-Jitsu, takes advantage of the fact that interpreters do not require execution privilege for bytecode, making it difficult for security tools to detect.