Security

The Akira ransomware group has generated around $42m in proceeds in the period from March 2023 to January 2024, according to a joint advisory from Europol and US and Dutch government agencies. The ransomware-as-a-service (RaaS) actor is believed to have impacted over 250 organizations across North America, Europe and Australia during this period, with a

A new study by CyberSN warns that the overall number of cybersecurity job postings in the US decreased by 22% from 2022 to 2023. The cyber job platform provider added that this decline is alarming and could impact national security, as some of these roles are essential for maintaining organizational and national cyber defenses. The

Quishing attacks, a form of phishing that leverages QR codes, have significantly increased, climbing from a mere 0.8% in 2021 to 10.8% in 2024.  The figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period.  According to the new

Threat actors have been observed exploiting unpatched Atlassian servers and deploying a Linux variant of Cerber ransomware, also known as C3RB3R.  The attacks capitalize on CVE-2023-22518, a critical security vulnerability in Atlassian Confluence Data Center and Server, enabling an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, threat actors

A substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss.  This alarming statistic, unveiled by Pentera’s latest research efforts, underscores the escalating challenges organizations face in safeguarding their digital assets against evolving cyber-threats. The report, published today, comprehensively analyzes how enterprises worldwide

Russia, Ukraine and China harbor the greatest cybercriminal threat, according to the first World Cybercrime Index (WCI). This world-first cybercrime ranking is the result of work by an international team of academic researchers who surveyed 92 leading cybercrime experts and analyzed the results following a scientific methodology. The research project for the World Cybercrime Index

Cybersecurity researchers have uncovered a significant data exposure concerning nearly 300,000 taxi passengers in the UK and Ireland.  Jeremiah Fowler, in collaboration with vpnMentor, found a non-password-protected database containing personal details such as names, phone numbers and email addresses. These records, belonging to Dublin-based iCabbi, a dispatch and fleet management technology provider, were left vulnerable

A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, used in its GlobalProtect gateways, is being exploited in the wild, and no patches are available yet. Palo Alto Networks issued an alert about the flaw on April 12, 2024, thanking cybersecurity firm Volexity for discovering it. The vulnerability is a command injection vulnerability in

The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a breach affecting business analytics provider Sisense and urged its customers to rest their credentials. On April 11, 2024, CISA issued an advisory regarding Sisense customer data being potentially compromised. The agency is “currently collaborating with private industry partners to respond to a recent compromise

Apple has updated its documentation related to its warning system for mercenary spyware threats, now specifying that it alerts users when they may have been individually targeted by such attacks. The revision points out companies like NSO Group, known for developing surveillance tools like Pegasus, which state actors often use for targeted attacks on individuals

The threat actor TA547 has been observed targeting German organizations with the known stealer Rhadamanthys. According to a recent report from Proofpoint, this is the first time this threat actor has been associated with such activity.  What’s particularly intriguing according to the researchers is the actor’s apparent employment of a PowerShell script likely generated by

Many threat actors are turning to malware to scan software vulnerabilities that they can use in future cyber-attacks. Security researchers at Unit 42, the threat intelligence branch of cybersecurity provider Palo Alto Networks, discovered a significant number of malware-initiated scans among the scanning attacks they detected in 2023. Traditional Vulnerability Scanning Explained Vulnerability scanning is

A bipartisan US federal data protection law has been drafted by two US lawmakers, aiming to codify and enforce privacy rights for all US citizens. Congresswoman Cathy McMorris Rodgers (R-WA 5th District) who is the House Committee on Energy and Commerce Chair, and Senator Maria Cantwell (D-WA), the Senate Committee on Commerce, Science and Transportation

China-affiliated threat actors are ramping up the use of AI to influence and sow division in the US and other countries, according to a new report by the Microsoft Threat Analysis Center (MTAC). The researchers highlighted how Chinese Communist Party (CCP)-affiliated actors are publishing AI-generated content on social media to amplify controversial domestic issues and

Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, the leading hub for sharing AI models and applications. In a blog post published on April 4, Wiz Research described the two flaws and the risk they could pose to AI-as-a-service providers. These are: Shared Inference infrastructure takeover

Chinese threat actors have developed new techniques to move laterally post-exploitation of Ivanti vulnerabilities, new research from Mandiant has revealed. Five suspected China-nexus espionage groups’ activity has been detailed by Mandiant in a blog post, dated April 4. The activity follows the exploitation of the CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893 vulnerabilities, which were previously identified in

The impact of Operation Cronos continues to hinder the LockBit ransomware group’s operations and the gang begun posting fake victim claims to its leak site. Almost 80% of victim entries that appear on the group’s new data leak site post-Operation Cronos are illegitimate claims, according to a new report by Trend Micro, a Japanese cybersecurity

Microsoft has been blamed for “cascade of security failures” that enabled Chinese threat actors to access US government officials’ emails in the Summer of 2023, an independent report has concluded. The US Department of Homeland Security (DHS) published the Cyber Safety Review Board’s (CSRB) report into the incident on April 2, 2024, which found that

AT&T has acknowledged the authenticity of a dataset containing the details of 73 million current and former customers after a hacker advertised it on a dark web marketplace around March 17. 🚨BREAKING🚨Allegedly, a threat actor has exposed data from AT&T @ATT. They claim the data shows SSN, DOB, Full Names, Phone, Addresses, Emails, and other

Nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data since 2019, potentially costing them billions, according to a new study from Beaming. The business ISP polled 504 UK-based business leaders about their data backup and cybersecurity strategies, as well as any incidents of data loss they experienced between

Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report. The firm recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers and financial data. Over 70% of these incidents

It’s now official: the US National Institute of Standards and Technology (NIST) will hand over some aspects of the management of the world’s most widely used software vulnerability repository to an industry consortium. NIST, an agency within the US Department of Commerce, launched the US National Vulnerability Database (NVD) in 2005 and has operated it

The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new draft for updated rules on cyber reporting for critical infrastructure organizations. In an effort to update its Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022, CISA released the first draft of new proposed rules, which will be published in the Federal

The US Department of the Treasury has warned of the cybersecurity risks posed by AI to the financial sector. The report, which was written at the direction of Presidential Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, also sets out a series of recommendations for financial institutions on

NHS Dumfries and Galloway has confirmed that patient clinical data has been leaked online by a ransomware group following the attack on its systems earlier this month. The statement by the Scottish NHS Trust dated March 27, 2024, revealed that clinical data relating to a small number of patients has been published by a “recognized

Just 5% of businesses have a cyber expert on the board, despite stronger cybersecurity correlating with significantly higher financial performance, according to a new report by Diligent and Bitsight. There was a significant variation between countries regarding the proportion of organizations with a cyber expert on the board, ranging from 10% in France to just

A new phishing kit dubbed Tycoon 2FA has raised significant concerns in the cybersecurity community.  Discovered by the Sekoia Threat Detection & Research (TDR) team in October 2023 and discussed in an advisory published today, the kit is associated with the Adversary-in-The-Middle (AiTM) technique and allegedly utilized by multiple threat actors to orchestrate widespread and

In a bipartisan effort, the US House of Representatives has approved legislation to curtail the sharing of Americans’ sensitive data with foreign entities.  The bill, known as the Protecting Americans’ Data from Foreign Adversaries Act (HR 7520), spearheaded by Congresswoman Cathy McMorris Rodgers (R-WA) and Frank Pallone (D-NJ), secured an overwhelming vote of 414-0. This legislative move

The US government has published new distributed denial-of-service (DDoS) attack guidance for public sector entities to help prevent disruption to critical services. The document is designed to serve as a comprehensive resource to address the specific needs and challenges faced by federal, state and local government agencies in defending against DDoS attacks. The advisory noted

A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs. AcidRain is destructive wiper malware attributed to Russian military intelligence. In May 2022, AcidRain was used in a broad-scale cyber-attack against Viasat’s KA-SAT satellites in Ukraine. The malware rendered KA-SAT modems inoperative in Ukraine and