Latest Cybersecurity News and Articles


Offensive AI: The Sine Qua Non of Cybersecurity

26 July 2024
"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named

North Korean Hackers Targeted KnowBe4 with Fake IT Worker

26 July 2024
KnowBe4, a cybersecurity training company, was tricked into hiring a fake IT worker from North Korea, highlighting the threat of insider activities. Despite this, no data breach occurred.

Google Chrome Now Asks for Passwords To Scan Protected Archives

26 July 2024
The new warning messages help users understand the danger posed by each downloaded file from the Internet. Google has implemented a two-tier download warning system using AI-powered malware verdicts from its Safe Browsing service.

Progress Software Fixed Critical Flaw in Telerik Report Server

26 July 2024
The vulnerability, tracked as CVE-2024-6327, allows attackers to execute code on unpatched servers through deserialization of untrusted data. The issue affects Report Server 2024 Q2 (10.1.24.514) and earlier versions.

SocGholish: Fake Update Puts Visitors at Risk

26 July 2024
The recent developments in SocGholish infection tactics target WordPress-based websites. The attack sequence involves initial access through compromised websites with vulnerable WordPress plugins.

Mimecast Acquires Veteran Data Security Firm Code42

26 July 2024
Mimecast has acquired veteran data security firm Code42, adding 175 employees to its team. Code42, founded in 2001, focuses on expanding its data protection platform, Incydr, with recent enhancements for source code exfiltration detection.

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

26 July 2024
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed

Patchwork Group Found Using Brute Ratel C4 and an Enhanced Version of PGoShell Backdoor

26 July 2024
Patchwork hackers targeted Bhutan using the advanced Brute Ratel C4 tool, along with an updated backdoor called PGoShell. This marks the first time Patchwork has been observed using the red teaming software.

Email Gateway Security Gaps Enable New Malware Tactics

26 July 2024
Email security gaps in gateway defenses have allowed phishing hackers to sneak malware past static scanning functions. Hackers hid malicious attachments by using a decoy file extension in a compressed archive.

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

26 July 2024
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to have been underway since at least April 2023. "Unbeknownst to

CrowdStrike Warns of New Phishing Scam Targeting German Customers

26 July 2024
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

26 July 2024
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code

One year after SEC cyber disclosure ruling, security leaders weigh in

26 July 2024
With a year in the rearview mirror, security professionals are reflecting on the SEC cyber disclosure ruling.

ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions

25 July 2024
Researchers have uncovered a vulnerability in Google Cloud Platform's Cloud Functions service called ConfusedFunction. This flaw allows an attacker to escalate their privileges to access other services and sensitive data in an unauthorized manner.

North Korean Hacker Group Targeting Healthcare, Energy Sectors

25 July 2024
North Korean hackers, specifically the Andariel hacking group, are now targeting the healthcare, energy, and financial sectors according to a Mandiant report. This group is believed to be associated with North Korea's Reconnaissance General Bureau.

Israel tried to frustrate US lawsuit over Pegasus spyware, leak suggests

25 July 2024
Officials seized documents from NSO Group to try to stop handover of information about notorious hacking tool, files suggest. The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest. Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information about the invasive technology.

NCSC and partners issue warning over North Korean state-sponsored cyber campaign to steal military and nuclear secrets

25 July 2024
Critical infrastructure organisations are strongly encouraged to stay vigilant to DPRK-sponsored cyber operations.

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

25 July 2024
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,

TransparentTribe’s Spear-Phishing Targeting Indian Government Departments

25 July 2024
The malicious file, disguised as “Recommendation for the award of President’s.docm,” contained a VBA script that executed the CrimsonRAT remote control program, capable of stealing sensitive information.

AI Accelerates Code Development Faster Than Security Teams Can Keep Up

25 July 2024
According to a Seemplicity survey, AI is speeding up code development faster than security teams can keep up, leading to concerns about vulnerability management. 91% of organizations are increasing their security budgets.