Researchers have found that attackers can perform cryptocurrency mining using improperly configured Jenkins Script Console instances. Trend Micro warned that improperly set up authentication mechanisms expose the '/script' endpoint to attackers, making Remote Code Execution (RCE) possible. Jenkins is a widely used Continuous Integration and Continuous Delivery (CI/CD) platform with a Groovy script console that enables users to run arbitrary Groovy scripts in the Jenkins controller runtime.

Attackers are exploiting a Remote Code Execution (RCE) vulnerability in a Linux-wide Ghostscript document conversion toolkit. Ghostscript is pre-installed on many Linux distributions and is used by ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS printing. All Ghostscript 10.03.0 and earlier installations are vulnerable to this format string flaw. Unpatched Ghostscript versions fail to prevent changes to uniprint device argument strings after the sandbox is activated, allowing attackers to escape the default -dSAFER sandbox.

A new cyber espionage actor, tracked as "CloudSorcerer," is targeting government organizations in the Russian Federation with sophisticated malware that can adapt its behavior based on the execution environment. The Advanced Persistent Threat (APT) group uses an operational style similar to that of "CloudWizard," another APT discovered last year that also targets Russian entities. This article continues to discuss findings regarding CloudSorcerer's cyber espionage campaign.

The Ethereum Foundation's account on a mailing list platform was hacked to send email phishing lures to about 35,794 addresses. Phishing emails from a legitimate email address promoted a Lido scam and linked to a malicious website that drained visitors' wallets. According to the Ethereum Foundation, this website had a cryptocurrency drainer running in the background that would drain a user's wallet if they signed the transaction requested by the website. This article continues to discuss the hacking of the Ethereum Foundation's account on a mailing list platform.

The ransomware group known as RansomHub recently leaked data allegedly stolen from the Florida Department of Health.  RansomHub added the agency to its Tor-based leak site on July 2, claiming to have stolen over 100 gigabytes of data from its network, including personally identifiable information (PII) and protected health information (PHI).

A threat actor, "Sp1d3rHunters," continued their extortion campaign against Ticketmaster on Monday by claiming to leak over 30,000 print-at-home tickets stolen from the vendor.  The threat actor advertised the data dump on an underground forum alongside a four-step guide for users to make their own printable barcode tickets.  They claimed to have tickets for gigs by Stevie Nicks, Pearl Jam, Foo Fighters, Red Hot Chili Peppers, and many more artists.  The threat actor warned Ticketmaster that they now have to reset 30K more tickets.

"Eldorado," a new Ransomware-as-a-Service (RaaS), encrypts Windows and Linux files with locker variants. According to Group-IB, Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP. Researchers said the Eldorado ransomware uses Golang for cross-platform capabilities, Chacha20 for file encryption, and RSA-OAEP for key encryption. This article continues to discuss findings regarding the Eldorado RaaS.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published its "Guide to Operational Security for Election Officials." This guide provides a comprehensive overview of Operational Security (OPSEC) in elections, underlining risks and offering practical mitigation measures to improve election infrastructure security. OPSEC systematically identifies and protects sensitive organizational data, information, and capabilities.

According to TRM Labs, cryptocurrency exchange hacks and exploits has resulted in the theft of twice as much money in the first half of 2024 as the same period in 2023. A new TRM report found that cryptocurrency exchange hackers stole $1.38 billion between January 1 and June 24, 2024. This article continues to discuss the rise in hacks and exploits on cryptocurrency exchanges.

Infosecurity Magazine reports "Crypto Thefts Double to $1.4 Billion, TRM Labs Finds"

According to the New York Times (NYT), OpenAI, the ChatGPT maker, had an undisclosed breach in early 2023. The NYT reports that the attacker stole employee forum discussions but did not access systems housing and building the Artificial Intelligence (AI). OpenAI claims that no customer or partner data was stolen, and the breach did not threaten national security, so it did not notify the FBI. This article continues to discuss the theft of secrets from OpenAI in 2023.