The US government has taken down Samourai Wallet, a cryptocurrency mixing service that executed over $2bn in unlawful transactions and laundered over $100m in criminal proceeds. In an April 24 press release, the US Department of Justice (DoJ) announced that Samourai’s web servers and domain were seized following a law enforcement operation in collaboration with
The US Federal Trade Commission (FTC) will send a total of $5.6m in refunds to customers of Ring, a home camera provider, as the result of a settlement with Ring over security and privacy failings. Ring, which was bought by tech giant Amazon in 2018, reached the settlement with the FTC in 2023 over charges
US government and critical infrastructure entities were sent 1754 ransomware vulnerability notifications under the Ransomware Vulnerability Warning Pilot (RVWP) program in 2023, resulting in 852 vulnerable devices being secured or taken offline. The highest number of alerts were sent to government facilities (641), which encompasses a range of federal, state and local government organizations, including
A state-sponsored threat actor has launched a sophisticated cyber espionage campaign that exploits two vulnerabilities in Cisco firewall platforms, according to an advisory from Cisco Talos. The campaign, dubbed ArcaneDoor, targets perimeter network devices to enable the attacker to undertake a range of actions inside an organization’s systems, including rerouting or modifying traffic and monitoring
The US Treasury has sanctioned several companies and individuals that have conducted cyber operations against American businesses and government entities on behalf of the Iranian regime. The companies in question acted as “fronts” for the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) to attack US businesses and government entities using techniques like spear
In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report. In 2023, attackers gained initial access through exploiting vulnerabilities in 38% of intrusions, a 6% increase from the previous year. Mandiant also found phishing’s prevalence declined from 22%
A dependency confusion vulnerability has been found within an archived Apache project. According to new data by Legit Security, who made the discovery, the finding underscores the importance of scrutinizing third-party projects and dependencies, particularly those archived and potentially neglected in terms of updates and security patches. The technical post, published today, suggests that despite
Quishing attacks, a form of phishing that leverages QR codes, have significantly increased, climbing from a mere 0.8% in 2021 to 10.8% in 2024. The figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period. According to the new
The Akira ransomware group has generated around $42m in proceeds in the period from March 2023 to January 2024, according to a joint advisory from Europol and US and Dutch government agencies. The ransomware-as-a-service (RaaS) actor is believed to have impacted over 250 organizations across North America, Europe and Australia during this period, with a
A new study by CyberSN warns that the overall number of cybersecurity job postings in the US decreased by 22% from 2022 to 2023. The cyber job platform provider added that this decline is alarming and could impact national security, as some of these roles are essential for maintaining organizational and national cyber defenses. The
US election officials have been urged to take action to counter nation-state influence operations targeting this year’s election cycle. The joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI), warned that Russia, China and Iran are engaged in influence
A known network has been targeting EU voters on Meta platforms (Facebook, Instagram, Messenger and Threads) with pro-Russian propaganda in France and Germany, according to a new report by non-profit analytics organization AI Forensics. The campaign has reached more than 38 million accounts in the last six months, with most ads not identified by Meta
Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments. Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms. The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score of
Global chipmaker giant Nexperia has revealed it suffered a cyber-attack amid reports that ransomware hackers stole sensitive documents and intellectual property from the company. The Chinese-owned firm, headquartered in the Netherlands, confirmed in a statement on April 12 that “an unauthorized third party” accessed certain IT servers in March 2024. “We promptly took action and
Apple has updated its documentation related to its warning system for mercenary spyware threats, now specifying that it alerts users when they may have been individually targeted by such attacks. The revision points out companies like NSO Group, known for developing surveillance tools like Pegasus, which state actors often use for targeted attacks on individuals
The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a breach affecting business analytics provider Sisense and urged its customers to reset their credentials. On April 11, 2024, CISA issued an advisory regarding Sisense customer data being potentially compromised. The agency is “currently collaborating with private industry partners to respond to a recent compromise
A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, used in its GlobalProtect gateways, is being exploited in the wild, and no patches are available yet. Palo Alto Networks issued an alert about the flaw on April 12, 2024, thanking cybersecurity firm Volexity for discovering it. The vulnerability is a command injection vulnerability in
Threat actors are going to great lengths to ensure that malicious code hidden in legitimate-looking GitHub repositories is used by as many developers as possible, Checkmarx has warned. The security vendor’s research engineer, Yehuda Gelb, described a number of techniques deployed in a recent campaign designed to ensure these repositories appear at the top of
A critical vulnerability in the Rust standard library could be exploited to target Windows systems and perform command injection attacks. The flaw was discovered by a security engineer from Flatt Security known as RyotaK. They named it BatBadBut, reported it to the CERT Coordination Center (CERT/CC) and published an analysis on April 9, 2024. That
Network attached storage (NAS) vendor D-Link has urged users of end-of-life (EOL) products to retire and replace them, after news emerged of mass exploitation of legacy kit via a newly discovered vulnerability. Security researcher “netsecfish” published details of the vulnerability, which affects various D-Link NAS devices, on March 26. “The vulnerability lies within the nas_sharing.cgi
Threat actors increasingly utilize YouTube to distribute information stealer malware (infostealers) by appropriating legitimate channels as well as using their own video channels. In a new report, the AhnLab Security Intelligence Center (ASEC) found a growing number of cases in which malicious actors steal famous YouTube channels and repurpose them to distribute infostealers like Vidar
Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, the leading hub for sharing AI models and applications. In a blog post published on April 4, Wiz Research described the two flaws and the risk they could pose to AI-as-a-service providers. These are: Shared Inference infrastructure takeover
Chinese threat actors have developed new techniques to move laterally post-exploitation of Ivanti vulnerabilities, new research from Mandiant has revealed. Five suspected China-nexus espionage groups’ activity has been detailed by Mandiant in a blog post, dated April 4. The activity follows the exploitation of the CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893 vulnerabilities, which were previously identified in
China-affiliated threat actors are ramping up the use of AI to influence and sow division in the US and other countries, according to a new report by the Microsoft Threat Analysis Center (MTAC). The researchers highlighted how Chinese Communist Party (CCP)-affiliated actors are publishing AI-generated content on social media to amplify controversial domestic issues and
Leicester City Council has confirmed that confidential data has been published online by a “known ransomware group” following a cyber incident that was identified on March 7. The UK local authority said on April 3 that around 25 documents have been leaked, including rent statements, applications to purchase council housing and personal identification documents such
The UK and US will work together to develop tests for the most advanced AI models. On April 1, 2024, the UK’s Technology Secretary Michelle Donelan and the US Commerce Secretary Gina Raimondo signed a Memorandum of Understanding (MOU) committing to the safety of AI models. The new partnership will see the US and the
The Indian government has said it has been able to rescue hundreds of citizens lured to Cambodia with job offers only to be forced into working for cybercrime gangs. A brief statement from India’s Ministry of External Affairs (MEA) released on Saturday claimed that it and the country’s embassy in Cambodia had released several advisories
Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report. The firm recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers and financial data. Over 70% of these incidents
It’s now official: the US National Institute of Standards and Technology (NIST) will hand over some aspects of the management of the world’s most widely used software vulnerability repository to an industry consortium. NIST, an agency within the US Department of Commerce, launched the US National Vulnerability Database (NVD) in 2005 and has operated it
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new draft for updated rules on cyber reporting for critical infrastructure organizations. In an effort to update its Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022, CISA released the first draft of new proposed rules, which will be published in the Federal