Google blocked over 10,000 instances of activity by Dragon Bridge, a China-affiliated influence operator that pushes pro-People’s Republic of China (PRC) views online, in Q1 2024. The tech giant also disrupted over 65,000 instances of Dragon Bridge activity across YouTube and Blogger in 2023. The Threat Analysis Group (TAG) at Google described the group as the
Month: June 2024
ESET Research, Threat Reports • A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts • Jiří Kropáč • 27 Jun 2024 • 2 min. read • These past six months painted a dynamic landscape of Android financial threats – malware going after victims’
Jun 28, 2024 • Newsroom • Cyber Espionage / Cyber Attack • The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that’s designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the
Large organizations have significantly strengthened their cyber workforce in 2024, according to cyber consultancy Wavestone. In its Cyber Benchmark 2024 report, Wavestone found that, on average, companies with over $1bn in revenues have one expert dedicated to cybersecurity for 1086 employees. In 2023, the same organizations had one cyber professional for 1285 employees – a
Video • Learn about the categories of threats that ‘topped the charts’ and the kinds of techniques that bad actors leveraged most commonly in the first half of this year • 28 Jun 2024 • This week, the ESET research team released the H1 2024 issue of ESET Threat Report that examines the key trends and developments that
Jun 29, 2024 • Newsroom • Cybersecurity / Website Security • Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past several years, publicly disclosed incident reports
Remote software provider TeamViewer has been hit by a cyber-attack that it has attributed to Russian state-affiliated threat actor Midnight Blizzard/APT29. The firm revealed it identified suspicious behavior on a standard employee account within its corporate IT environment on Wednesday, June 26. It has tied the incident to the credentials of that account. TeamViewer said
Business Security • Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies • Tony Anscombe • 26 Jun 2024 • 5 min. read • Offsetting business risk with insurance is not new. Early mariners transporting their goods around the world hundreds of years ago faced
Jun 28, 2024 • Newsroom • Software Security / DevOps • GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3,
A third (33%) of security leaders believe companies often sacrifice long-term security for cost savings. The data comes from Bugcrowd’s 2024 Inside the Mind of a CISO report, which also suggests that 40% of security leaders think fewer than one-third of companies understand their breach risks. Despite these concerns, nearly 87% of security leaders are actively
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. “With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it
Progress Software has disclosed two fresh vulnerabilities in its MOVEit file transfer products. The first is an authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration (CVE-2024-5806). It affects the Secure File Transfer Protocol (SFTP) service from version 2023.0.0 to 2023.0.11, 2023.1.0 to 2023.1.6 and 2024.0.0 to 2024.0.2. The second is an
Privacy • VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes • Phil Muncaster • 25 Jun 2024 • 6 min. read • In a world of remote working and heightened privacy and security concerns, virtual private networks (VPNs) have become an indispensable
Jun 26, 2024 • Newsroom • Vulnerability / Data Protection • A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions – From 2023.0.0 before
New fraud campaigns have been discovered involving the Medusa (TangleBot) banking Trojan, which had evaded detection for nearly a year. An analysis published by Cleafy researchers last week revealed that this sophisticated malware family, first identified in 2020, has resurfaced with significant changes. This malware, known for its remote access Trojan (RAT) capabilities, includes keylogging,
Jun 25, 2024 • Newsroom • Vulnerability / Threat Detection • Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc”) that was
Security researchers from Group-IB have unveiled the operations of a threat actor known as Boolka, whose activities involve deploying sophisticated malware and engaging in web attacks. According to an advisory published by the company on Friday, the group has been observed exploiting vulnerabilities through SQL injection attacks since 2022, targeting websites across various countries. The
Jun 24, 2024 • Newsroom • Artificial Intelligence / Cloud Security • Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the
Threat actors have published nearly 400GB of data stolen from pathology provider Synnovis, including sensitive NHS patient information, according to reports. The data was apparently accessed by ransomware group Qilin following the attack on critical NHS supplier Synnovis on June 3, 2024. The gang reportedly posted the information on its darknet site and Telegram channel
Jun 22, 2024 • Newsroom • Phishing Attack / Adware • A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. “The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,” cybersecurity firm eSentire said in an analysis, adding
The US government has banned cybersecurity provider Kaspersky from selling its products in the country because of the company’s alleged links to the Russian regime. On June 20, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) issued a Final Determination prohibiting Kaspersky Lab, Inc., the US subsidiary of the Russian cybersecurity
Video • Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents • 21 Jun 2024 • A successful cyberattack can affect an organization in many ways, but the way the organization handles the incident extends far beyond the immediate aftermath. Indeed, the long-term
Jun 22, 2024 • Newsroom • Cyber Espionage / Threat Intelligence • Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. “ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,” Positive Technologies researchers Vladislav Lunin
The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor, and warned chemical facilities that sensitive data may have been exfiltrated. The attackers exploited a zero-day vulnerability in an Ivanti Connect Secure appliance to infiltrate CSAT from January 23 to 26, 2024. The
Digital Security • As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records • Phil Muncaster • 20 Jun 2024 • 5 min. read • Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient
Jun 21, 2024 • Newsroom • Malware / Threat Intelligence • A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. “SneakyChef uses lures that are scanned documents of government agencies, most of which
The notorious LockBit group has reemerged to become the most prominent ransomware actor in May 2024, according to a new analysis by NCC Group. LockBit 3.0 returned to the fold in May to launch 176 ransomware attacks, 37% of the total number for the month. This represents an enormous 665% month-on-month increase for the ransomware-as-a-service
Business Security, Critical Infrastructure • Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat • Phil Muncaster • 19 Jun 2024 • 5 min. read • Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated
Jun 20, 2024 • Newsroom • Firmware Security / Vulnerability • Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use
Individuals in China have been targeted by a QR code-based phishing (quishing) campaign which uses QR codes in fake official documents to deceive victims, according to new research by Cyble Research and Intelligence Labs (CRIL). As part of the campaign, Microsoft Word files masquerade as official documents from the Chinese Ministry of Human Resources and