"Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks"

Amtrak is starting to notify some customers that their Guest Rewards Accounts have been hacked.  According to Amtrak, no Amtrak systems were compromised in the attacks, as credential stuffing was employed.  During credential stuffing attacks, threat actors leverage username and password combinations obtained from other data breaches, malware infections, or phishing, in an attempt to gain access to accounts that use the same login credentials.  Amtrak noted that they believe the unauthorized party may have obtained login credentials from third-party sources.

Submitted by Adam Ekwall on

"Cybersecurity Burnout Costing Firms $700m+ Annually"

According to security researchers at Hack The Box, British and US enterprises may be throwing away as much as $756m each year through lost productivity due to burned-out cybersecurity staff.  The researchers claimed UK employers may be losing a combined $130m annually, while their US counterparts could be down by as much as $626m due to lost productivity.  The research pointed the blame squarely at employee burnout.

Submitted by Adam Ekwall on

"Protecting Software Secrets in Medical Systems"

A team of researchers investigated 36 Digital Square global goods, including open source apps, software development kits, desktop apps, and web apps used in the health sector. Eighty-three percent of them were found to contain passwords, private keys, authentication tokens, and other secrets that could be exposed. The research group, including Upanzi Network researchers Theoneste Byagutangaza and Junias Bonou and Carnegie Mellon University (CMU)-Africa student Emmanuel Hirwa, wants software developers to design products with cybersecurity in mind.

Submitted by Gregory Rigby on

"Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer"

Threat actors are using free or pirated versions of commercial software as lures to deliver "Hijack Loader," which deploys "Vidar Stealer," an information stealer. According to Trellix security researcher Ale Houspanossian, attackers tricked users into downloading password-protected archive files with trojanized copies of the Cisco Webex Meetings app. When victims extracted and executed a Setup.exe binary file, the Cisco Webex Meetings app secretly installed a malware loader. This loader leads to the launch of an information-stealing module.

Submitted by Gregory Rigby on

"Scattered Spider Pivots to SaaS Application Attacks"

Recent attacks on customer accounts hosted by the Snowflake data warehousing platform suggest that threat actors are shifting to targeting Software-as-a-Service (SaaS) application environments. Mandiant recently released a report on another large threat actor who has started targeting enterprise data in SaaS applications, expanding its usual focus on Microsoft cloud environments and on-premises infrastructure.

Submitted by Gregory Rigby on

"92% of Organizations Hit by Credential Compromise from Social Engineering Attacks"

According to a new Barracuda report, in 2023, about 92 percent of organizations faced an average of six credential compromises due to email-based social engineering attacks. Scamming and phishing made up most of the social engineering attacks last year. This article continues to discuss key findings regarding some notable trends in how attackers are targeting users via social engineering techniques.

Submitted by Gregory Rigby on

"New BadSpace Backdoor Deployed in Drive-By Attacks"

According to G Data CyberDefense, a backdoor dubbed "BadSpace" is being distributed using a multi-stage attack chain involving infected WordPress websites. In late May, the backdoor was identified and observed being distributed using a mechanism similar to that of "SocGholish." This article continues to discuss findings regarding the distribution of the BadSpace backdoor via drive-by attacks involving infected websites and JavaScript downloaders.

Submitted by Gregory Rigby on

"Report Reveals Record Exploitation Rate For Load Balancers"

According to Action1, threat actors are increasingly targeting edge devices known as load balancers. A load balancer distributes connections from clients between a set of servers. Although load balancers were generally secure, threat actors targeted them disproportionately, resulting in a record 17 percent exploitation rate. A single load balancer vulnerability can provide broad access or disruption capabilities against targeted networks. This article continues to discuss the increased targeting of load balancers by threat actors.

Submitted by Gregory Rigby on

"Fake Google Chrome Errors Trick You Into Running Malicious PowerShell Scripts"

A malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into installing malware through malicious PowerShell "fixes." The new campaign has been used by multiple threat actors, including those behind "ClearFake," a new attack cluster called "ClickFix," and the "TA571" threat actor. This article continues to discuss findings regarding the malware distribution campaign involving fake Google Chrome, Word, and OneDrive errors.

Submitted by Gregory Rigby on

"Malware Peddlers Love This One Social Engineering Trick"

Proofpoint researchers warn of a clever social engineering method to deliver malware. A social engineering technique rising in popularity among threat actors is the use of fake error messages, displayed by a website or when opening an HTML document delivered as an email attachment. The attack chain requires significant user interaction, but the researchers noted that the social engineering method can present a user with what appears to be a real problem and solution at the same time, prompting them to act without considering the risk.

Submitted by Gregory Rigby on