Month: June 2024

0 Comments
ESET Research, Threat Reports A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 27 Jun 2024  •  , 2 min. read These past six months painted a dynamic landscape of Android Financial threats – malware going after victims’
0 Comments
Large organizations have significantly strengthened their cyber workforce in 2024, according to cyber consultancy Wavestone. In its Cyber Benchmark 2024 report, Wavestone found that, on average, companies with over $1bn in revenues have one expert dedicated to cybersecurity for 1086 employees. In 2023, the same organizations had one cyber professional for 1285 employees – a
0 Comments
Jun 29, 2024NewsroomCybersecurity / Website Security Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past several years, publicly disclosed incident reports
0 Comments
Jun 28, 2024NewsroomSoftware Security / DevOps GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3,
0 Comments
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. “With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it
0 Comments
Progress Software has disclosed two fresh vulnerabilities in its MOVEit file transfer products. The first is an authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration (CVE-2024-5806). It affects the Secure File Transfer Protocol (SFTP) service from version 2023.0.0 to 2023.0.11, 2023.1.0 to 2023.1.6 and 2024.0.0 to 2024.0.2. The second is an
0 Comments
Jun 26, 2024NewsroomVulnerability / Data Protection A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions – From 2023.0.0 before
0 Comments
New fraud campaigns have been discovered involving the Medusa (TangleBot) banking Trojan, which had evaded detection for nearly a year.  An analysis published by Cleafy researchers last week revealed that this sophisticated malware family, first identified in 2020, has resurfaced with significant changes.  This malware, known for its remote access Trojan (RAT) capabilities, includes keylogging,
0 Comments
Jun 25, 2024NewsroomVulnerability / Threat Detection Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc“) that was
0 Comments
Security researchers from Group-IB have unveiled the operations of a threat actor known as Boolka, whose activities involve deploying sophisticated malware and engaging in web attacks.  According to an advisory published by the company on Friday, the group has been observed exploiting vulnerabilities through SQL injection attacks since 2022, targeting websites across various countries. The
0 Comments
Jun 24, 2024NewsroomArtificial Intelligence / Cloud Security Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the
0 Comments
Threat actors have published nearly 400GB of data stolen from pathology provider Synnovis, including sensitive NHS patient information, according to reports. The data was apparently accessed by ransomware group Qilin following the attack on critical NHS supplier Synnovis on June 3, 2024. The gang reportedly posted the information on its darknet site and Telegram channel
0 Comments
Jun 22, 2024NewsroomPhishing Attack / Adware A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. “The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,” cybersecurity firm eSentire said in an analysis, adding
0 Comments
The US government has banned cybersecurity provider Kaspersky from selling its products in the country because of the company’s alleged links to the Russian regime. On June 20, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) issued a Final Determination prohibiting Kaspersky Lab, Inc., the US subsidiary of the Russian cybersecurity
0 Comments
Jun 22, 2024NewsroomCyber Espionage / Threat Intelligence Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. “ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,” Positive Technologies researchers Vladislav Lunin
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor, and warned chemical facilities that sensitive data may have been exfiltrated. The attackers exploited a zero-day vulnerability in an Ivanti Connect Secure appliance to infiltrate CSAT from January 23 to 26, 2024. The
0 Comments
Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records Phil Muncaster 20 Jun 2024  •  , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient
0 Comments
Jun 21, 2024NewsroomMalware / Threat Intelligence A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. “SneakyChef uses lures that are scanned documents of government agencies, most of which
0 Comments
The notorious LockBit group has reemerged to become the most prominent ransomware actor in May 2024, according to a new analysis by NCC Group. LockBit 3.0 returned to the fold in May to launch 176 ransomware attacks, 37% of the total number for the month. This represents an enormous 665% month-on-month increase for the ransomware-as-a-service
0 Comments
Business Security, Critical Infrastructure Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat Phil Muncaster 19 Jun 2024  •  , 5 min. read Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated
0 Comments
Jun 20, 2024NewsroomFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use