Microsoft has decided to disable its Windows Recall feature on Copilot+ PCs by default. The feature, considered a security and privacy risk, was turned on by default, requiring users to go through checkboxes to opt out of the software. Windows Recall uses Artificial Intelligence (AI) to create a searchable digital memory of everything a user does on their Windows computer. Security researchers found several ways malware could steal Windows Recall data, and Google Project Zero researcher James Forshaw showed that Windows Recall data is poorly protected.

Security researchers at Patchstack have discovered multiple security vulnerabilities in the WooCommerce Amazon Affiliates (WZone) plugin.  This premium WordPress plugin, developed by AA-Team and boasting over 35,000 sales, is designed to assist site owners and bloggers in monetizing their websites via the Amazon affiliate program.  The researchers noted that the vulnerabilities identified are serious, impacting all tested versions, including version 14.0.10 and potentially those from version 14.0.20 onward.

Los Angeles Unified School District (LAUSD) officials announced they are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers.  LAUSD is the second largest public school district in the United States, with over 25,900 teachers, roughly 48,700 other employees, and more than 563,000 students enrolled during the 2023-2024 school year.  The group claiming to have stolen data is the Vice Society ransomware group.  Vice Society is selling the allegedly stolen data for $1,000.

SolarWinds recently announced patches for multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a penetration tester working with NATO.  Version 2024.2, the latest SolarWinds Platform iteration, includes patches for three new security defects and fixes for multiple bugs in third-party components.  The first issue, tracked as CVE-2024-28996 and reported by a NATO Communications and Information Agency pentester, is described as an SWQL injection flaw.

Experts warn that the ransomware ecosystem has changed significantly in 2024, and organizations must adapt their defenses. Bitdefender Technical Solutions Director Martin Zugec calls on the security community to forget what they know about ransomware and learn how new groups are changing the game. According to Zugec, the recent collapse of two leading Ransomware-as-a-Service (RaaS) operators, "LockBit" and "BlackCat," prompted this change. Law enforcement took down LockBit infrastructure in February 2024.

According to former National Cyber Security Centre CEO Ciaran Martin, the "Qilin" Ransomware-as-a-Service (RaaS) group is believed to have been behind the recent cyberattack that forced multiple London hospitals to declare a state of emergency. Qilin typically targets high-value targets and launches double extortion attacks against the healthcare and education sectors. A Cyberint analysis found that the Qilin ransomware has Golang and Rust variants, with the Rust variant being more evasive, customizable, and hard to decipher.

Akamai warns that two Remote Code Execution (RCE) vulnerabilities in ThinkPHP that were patched five years ago are being exploited in a new wave of attacks. The bugs, publicly disclosed in late 2018 and early 2019, affect Content Management Systems (CMS) using older versions of the popular open source web application framework. A Chinese-speaking threat actor has exploited the flaws to fetch a file from a likely compromised server in China and deploy a web shell on vulnerable servers in two attack campaigns.

"Muhstik," a Distributed Denial-of-Service (DDoS) botnet, exploited a now-patched Apache RocketMQ security flaw to co-opt vulnerable servers and grow. According to researchers at Aqua, Muhstik targets Internet of Things (IoT) devices and Linux-based servers, infecting and using devices for cryptocurrency mining and DDoS attacks. This article continues to discuss findings regarding the Muhstik botnet.

THN reports "Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks"

ConnectWise reports that 94 percent of small and midsize businesses (SMBs) have faced at least one cyberattack, up from 64 percent in 2019. SMBs are losing confidence in their ability to protect their businesses, with 78 percent worried that a severe cyberattack could shut them down. This growing fear is forcing SMBs to rethink and strengthen their cybersecurity strategies to protect data, maintain customer trust, and innovate. This article continues to discuss key findings from ConnectWise regarding the state of SMB cybersecurity.  

According to security researchers at Artic Wolf Labs, a new ransomware operation named "Fog," launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S.  The ransomware operation has not yet set up an extortion portal, and data has not been observed being stolen.  During attacks, the researchers noted that Fog's operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.