"NsaRescueAngel Backdoor Account Again Discovered in Zyxel Products"


Taiwan-based networking device manufacturer Zyxel recently announced three critical severity vulnerabilities in two discontinued NAS products that could lead to command injection and arbitrary code execution. The first two flaws, tracked as CVE-2024-29972 and CVE-2024-29973, are command injection bugs that can be exploited without authentication via crafted HTTP POST requests. Another unauthenticated issue, CVE-2024-29974, could allow attackers to execute arbitrary code by uploading crafted configuration files.

Submitted by Adam Ekwall on

"225,000 More Cybersecurity Workers Needed in US: CyberSeek"


According to security researchers at CyberSeek, over 200,000 more cybersecurity workers are needed in the United States to close the talent gap.  Currently, there are more than 1.2 million cybersecurity workers in the United States.

Submitted by Adam Ekwall on

"This Hacker Tool Extracts All the Data Collected by Windows' New Recall AI"


Windows Recall, which takes screenshots of a user's activity every five seconds and saves them on their device, is easy to abuse, according to cybersecurity researchers. One ethical hacker has created a tool called "TotalRecall" to extract data collected by Windows' new Recall Artificial Intelligence (AI). Since Microsoft announced Recall in mid-May, security researchers have compared it to spyware or stalkerware that tracks everything a user does on their device. The TotalRecall tool can pull all the information Recall saves into its main database on a Windows laptop.

Submitted by Gregory Rigby on

"Russian Power Companies, IT Firms, and Government Agencies Hit by Decoy Dog Trojan"


Russian organizations have been targeted in cyberattacks that deliver a Windows variant of the "Decoy Dog" malware. The activity cluster, tracked by Positive Technologies as "Operation Lahat," is linked to "HellHounds," an Advanced Persistent Threat (APT) group. The HellHounds group compromises organizations and gains access to their networks, going undetected for years. This article continues to discuss the targeting of Russian organizations with Decoy Dog malware.

Submitted by Gregory Rigby on

"Ransomware Group Claims Cyberattack on Frontier Communications"


The RansomHub ransomware group recently claimed responsibility for the April 2024 cyberattack on telecommunications giant Frontier Communications. In an April filing with the Securities and Exchange Commission (SEC), Frontier revealed that the intrusion was identified on April 14 and resulted in certain systems being shut down to contain the attack. The ransomware group claims to have stolen information, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and credit scores of more than two million Frontier customers.

Submitted by Adam Ekwall on

"Critical Incident Declared as Ransomware Attack Disrupts Multiple London Hospitals"


Several of London's largest hospitals have canceled operations due to a ransomware attack on a third-party provider. Synnovis, which provides pathology services, such as blood tests for transfusions, to healthcare organizations, was attacked. The largest UK heart and lung specialist hospitals, Royal Brompton and Harefield, may also be affected. Due to the incident, some appointments have been canceled, or patients have been redirected to other providers. Extra patients may strain other hospitals' resources and cause more critical incidents.

Submitted by Gregory Rigby on

"New Multi-Stage Malware Targets Windows Users in Ukraine"


Researchers have discovered a sophisticated cyberattack targeting Microsoft Windows systems in Ukraine. According to a new FortiGuard Labs advisory, the attack involves an Excel file embedded with a VBA macro to deploy a malicious DLL file, leading to the delivery of the "Cobalt Strike" payload. This malware strategy enables attackers to communicate with a Command-and-Control (C2) server and use evasion techniques to deploy the payload. This article continues to discuss findings regarding the multi-stage malware targeting Windows users in Ukraine.

Submitted by Gregory Rigby on

"361 Million Stolen Accounts Leaked on Telegram Added to HIBP"


The "Have I Been Pwned" (HIBP) data breach notification service now includes 361 million more email addresses stolen via credential stuffing attacks, password-stealing malware, and data breaches. Cybersecurity researchers gathered these credentials from Telegram cybercrime channels, which leak stolen data to users to gain reputation and subscribers. This article continues to discuss the addition of millions of stolen email addresses to the HIBP data breach notification service.

Submitted by Gregory Rigby on

"CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability"


Due to the recent exploitation of an old Oracle WebLogic flaw by China-based hackers to deploy cryptocurrency miners, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog. The Oracle WebLogic Server vulnerability enables unauthenticated attackers to access or modify critical data and execute OS commands. Attackers can perform Remote Code Execution via specially crafted HTTP requests. This article continues to discuss CISA's addition of an old Oracle WebLogic flaw, tracked as CVE-2017-3506, to its KEV catalog.

Submitted by Gregory Rigby on

"37 Vulnerabilities Patched in Android"


Google recently started rolling out the June 2024 set of monthly security updates for Android, with patches for 37 vulnerabilities, including multiple high-severity elevation of privilege bugs. The first part of this month's security update, which arrives on devices as the "2024-06-01 security patch level", resolves 19 flaws in the Framework and System components. Google noted that the most severe of these issues is a high-severity vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.

Submitted by Adam Ekwall on