According to Action1, threat actors are increasingly targeting edge devices known as load balancers. A load balancer distributes connections from clients between a set of servers. Although load balancers were generally secure, threat actors targeted them disproportionately, resulting in a record 17 percent exploitation rate. A single load balancer vulnerability can provide broad access or disruption capabilities against targeted networks. This article continues to discuss the increased targeting of load balancers by threat actors.

A malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into installing malware through malicious PowerShell "fixes." The new campaign has been used by multiple threat actors, including those behind "ClearFake," a new attack cluster called "ClickFix," and the "TA571" threat actor. This article continues to discuss findings regarding the malware distribution campaign involving fake Google Chrome, Word, and OneDrive errors.

Proofpoint researchers warn of a clever social engineering method to deliver malware. A social engineering technique rising in popularity among threat actors is the use of the fake error messages, displayed by a website or when opening an HTML document delivered as an email attachment. The attack chain requires significant user interaction, but the researchers noted that the social engineering method can present a user with what appears to be a real problem and solution at the same time, prompting them to act without considering the risk.

Sygnia reports that a Chinese state-sponsored threat actor dubbed "Velvet Ant" used a legacy F5 BIG-IP appliance to access a victim organization's network for three years. The threat actor used multiple mechanisms to gain a foothold in the organization's network. The cybersecurity company notes that this threat actor had infiltrated the organization's network at least two years before the investigation, gaining a strong foothold and gathering intelligence about it. Velvet Ant has used different tools and techniques to compromise critical systems and access sensitive data.

Rochester Institute of Technology (RIT) researchers created CTIBench, the first benchmark designed for assessing the performance of Large Language Models (LLMs) in Cyber Threat Intelligence (CTI) applications. The researchers emphasized that LLMs could revolutionize CTI by improving security analysts' ability to process and examine massive amounts of unstructured threat and attack data, as well as use more intelligence sources. However, they add that LLMs are vulnerable to hallucinations and text misunderstandings, especially in technical fields.

A team of researchers from Seoul National University, Samsung Research, and the Georgia Institute of Technology revealed a new speculative execution attack called "TikTag" targeting a hardware security feature in Arm CPUs. TikTag enables attackers to bypass protections. The researchers demonstrated the attack on the Memory Tagging Extension (MTE), a security feature introduced with the 8.5-A architecture that detects memory corruption.

Truist Bank has recently confirmed that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum.  A threat actor known as Sp1d3r is selling what they claim is stolen data containing information belonging to 65,000 employees for $1 million.  The threat actor claims that the data for sale includes bank transactions with names, account numbers, balances, and source codes for Truist Bank's Interactive Voice Response (IVR) automated phone system for transferring funds.

In a new study conducted by researchers at Salt Security, 250 respondents were pooled across various job responsibilities, industries, and company sizes globally to compile a new report titled "State of API Security Report 2024." The researchers found that digital transformation projects appear to be accelerating faster than organizations' efforts to secure them, with nearly a quarter (23%) admitting they suffered a breach via production APIs last year.

Security researchers at Insikt Group recently observed a widespread malicious campaign targeting cryptocurrency users and involving Vortax, a fake virtual meeting software.  Vortax has a presence on social media and is marketed as a cross-platform and in-browser enterprise-focused alternative to other video chat services that leverages artificial intelligence to generate meeting summaries and action items and suggest questions or comments with its “MeetingGPT” product.

Texas-based insurance company Globe Life recently announced that it is investigating a data breach impacting the information of consumers and policyholders.  Globe Life said it launched an investigation into “potential vulnerabilities related to access permissions and user identity management for a company web portal” after an inquiry from a state insurance regulator.  The company noted that the probe showed that the vulnerabilities likely allowed unauthorized access to consumer and policyholder information.  It’s unclear what type of data may have been compromised.