A newly discovered malware, Cthulhu Stealer, has been observed targeting macOS users, marking another significant cybersecurity threat to Apple’s operating system. The tool, identified by Cado Security, operates as a malware-as-a-service (MaaS) and leverages Apple disk images (DMG) to disguise itself as legitimate software. How Cthulhu Stealer Works The Cthulhu Stealer primarily focuses on stealing
A newly discovered remote access Trojan (RAT) family, MoonPeak, has been linked to a North Korean-affiliated threat group known as UAT-5394. This sophisticated malware, based on the open-source XenoRAT, is undergoing active development, showcasing significant enhancements aimed at evading detection and improving functionality, according to recent research from Cisco Talos. Connection to Kimsuky UAT-5394, an
A recently discovered sophisticated mobile phishing technique has been observed in financial fraud campaigns across the Czech Republic, Hungary and Georgia. This phishing method leverages progressive web applications (PWA). These web applications offer a native-app-like experience and are gaining momentum on both Android and iOS devices. This technique is noteworthy because it installs
Potential ransomware attacks during the 2024 election cycle have been deemed unlikely to compromise the security or accuracy of vote casting or counting. The news comes from a public service announcement (PSA) issued on August 15 by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency
National Public Data, a US background check company, suffered a data breach in April 2024 that could have exposed sensitive data records of millions of US, UK and Canadian residents. The Florida-based data broker, which provides access to data from various public record databases, court records, state and national databases and other repositories nationwide, confirmed
Microsoft has announced it is mandating multi-factor authentication (MFA) for all Azure sign-ins. Customers can select from multiple MFA options through Microsoft Entra to meet their needs. These are: Users approving sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes through Microsoft Authenticator; FIDO2 security keys, enabling sign-ins without a username or
Two US House of Representatives members have called on the US Department of Commerce to investigate Chinese-made Wi-Fi routers deployed in the US over hacking and espionage concerns. John Moolenaar (R-MI), chairman of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, and Raja Krishnamoorthi (D-IL), a
A new report has revealed a surge in malicious online activities leading up to the Paris Olympic Games, which started on July 26, 2024. Published by cybersecurity researchers at BforeAI today, the new data shows threat actors exploited the popularity of the event by setting up fake
A new sophisticated phishing attack featuring a stealthy infostealer malware that exfiltrates a wide range of sensitive data has been uncovered by threat analysts. This malware not only targets traditional data types like saved passwords but also includes session cookies, credit card information, Bitcoin-related extensions and browsing history. The collected data is then sent as a
Australian gold mining firm Evolution Mining recently reported a ransomware attack on its IT systems, identified on August 8, 2024. In a Monday filing with the Australian Securities Exchange (ASX), the company stated that the incident was contained. “The incident has been proactively managed with a focus on protecting the health, safety and privacy of
A newly discovered vulnerability, identified as CVE-2024-6768, has surfaced in the Common Log File System (CLFS.sys) driver of Windows. This issue, identified by Fortra cybersecurity researcher, Ricardo Narvaja, highlights a flaw that could allow an unprivileged user to cause a system crash, resulting in Blue Screen of Death (BSOD). The vulnerability exists due to improper input
OpenAI has a tool to automatically watermark AI-generated content, but company leadership is split on whether to release it to the public. According to The Wall Street Journal, the company behind ChatGPT started developing a tool capable of labeling content generated by its large language models (LLMs) two years ago. People familiar with the matter
In early July 2024, some of the world’s leading AI companies joined forces to create the Coalition for Secure AI (CoSAI). During a conversation with Infosecurity at Black Hat USA 2024, Jason Clinton, CISO at Anthropic, one of CoSAI’s founding members, explained some of the key goals of the new coalition and the cybersecurity focus
One of the US Cybersecurity and Infrastructure Security Agency’s (CISA) flagship initiatives is Secure by Design, launched in 2023. Now, the agency is imploring software customers to take the approach of Secure by Demand. This was the message given by CISA director Jen Easterly during the primary stage talk at Black Hat USA. “You have to
As the 2024 US election approaches, cybersecurity leaders intensify their efforts to safeguard the democratic process, drawing insights from global partners to address evolving threats. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency (CISA) spoke at Black Hat USA about her confidence in the integrity of the nation’s election officials. However,
The recent CrowdStrike IT outage served as a dress rehearsal for a potential cyber-attack on critical infrastructure that could potentially be orchestrated by a nation-state like China. The CrowdStrike IT outage was a useful exercise in what may happen if China were to act in a disruptive manner against critical systems. “It’s really about building
Darktrace researchers have reported that 17.8 million phishing emails were detected between December 2023 and July 2024. The new report, published today at Black Hat USA, analyzes cyber-threats faced by businesses in the first half of the year and highlights the ongoing dominance of cybercrime-as-a-service. According to the new figures, models like malware-as-a-service (MaaS) and
A new report from HP Wolf Security has highlighted the growing danger from threat actors targeting physical device supply chains with 19% of organizations saying they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. Of the 800 IT and security decision makers surveyed, almost all (91%) believe nation-state
The UK’s National Cyber Security Centre (NCSC) has set out plans to launch a new version of its Active Cyber Defence (ACD) initiative to help businesses address evolving cyber-threats. ACD 2.0 will develop a “next generation” suite of cybersecurity tools and services that aim to plug gaps in the commercial market. The NCSC will also
The US Environmental Protection Agency (EPA) urgently needs to address rising cyber risks to water and wastewater systems, a new report by the US Government Accountability Office (GAO) has found. The warning comes amid rising targeting of water systems, including by nation-state actors. In December 2023, the Cybersecurity and Infrastructure Security Agency (CISA) attributed a
The UK’s Information Commissioner’s Office (ICO) has put 11 social media and video sharing platforms “on notice” for failing to do enough to safeguard children’s privacy. The regulator warned the 11 platforms that they could face enforcement action if they do not bring themselves into compliance or demonstrate a compelling reason for their current approach.
Russian Coms, the scam platform behind 1.8 million fraudulent calls, has been shut down by the UK’s National Crime Agency (NCA). Russian Coms was established in 2021 and is thought to be behind financial losses in the tens of millions of pounds, according to an NCA statement published on August 1. The NCA said
An urgent appeal for blood donations has been issued following a ransomware attack on US blood donation center OneBlood. The non-profit center, headquartered in Florida, said the cyber-attack is impacting its software system, significantly reducing its capacity to collect, test and distribute blood to hospitals in Southeastern US. In a statement on July 31, Susan
Security researchers have uncovered a sophisticated phishing campaign targeting Microsoft OneDrive users. The campaign employs advanced social engineering tactics to trick users into executing a PowerShell script, compromising their systems. The attack, discovered by the Trellix Advanced Research Center, begins with an email containing an HTML file urging users to resolve a DNS issue to
Security researchers have shed light on a new iteration of Mandrake, a sophisticated Android cyber-espionage malware tool. Initially analyzed by Bitdefender in May 2020, Mandrake had operated undetected for at least four years. In April 2024, Kaspersky researchers discovered suspicious samples that were confirmed to be a new version of Mandrake. This latest variant was
Organizations are concerned about security threats stemming from developers using AI, according to a new Checkmarx report. The cloud-native application security provider found that 15% of organizations explicitly prohibit the use of AI tools for code generation; however, 99% say that AI code-generating tools are being used regardless. Meanwhile, just 29% of organizations have established
A hacktivist group has claimed to have leaked CrowdStrike’s entire internal threat actor list, including indicators of compromise (IoC). CrowdStrike acknowledged the claims by the USDoD threat actor in a blog post on July 25, 2024. The firm noted that USDoD provided a link to download the alleged threat actor list and provided a sample
Pathology services provider Synnovis has rebuilt “substantial parts” of its systems since the ransomware attack on June 3, 2024, restoring critical blood supplies to NHS hospitals. Despite this, the NHS issued an alert over blood supply shortages on July 25. However, in an update on July 25, Synnovis revealed it has made significant progress in
Ransomware and business email compromise (BEC) attacks accounted for 60% of all incidents in the second quarter of 2024, according to a Cisco Talos report. Technology was the most targeted sector in this period, making up 24% of incidents – a 30% rise on the previous quarter. The researchers said that attackers may view technology
CrowdStrike has published a preliminary Post Incident Review (PIR) into the global IT outage on July 19, which was caused by a bug in a content update for its Falcon platform. The cybersecurity vendor revealed the incident was caused by a Rapid Response Content update containing an