"New 'Goldoon' Botnet Targets D-Link Routers With Decade-Old Flaw"

A new botnet called "Goldoon" targets D-Link routers by exploiting a nearly decade-old critical security flaw to launch more attacks. The vulnerability, tracked as CVE-2015-2051 with a CVSS score of 9.8, impacts D-Link DIR-645 routers and enables remote attackers to execute arbitrary commands via specially crafted HTTP requests. According to Fortinet FortiGuard Labs researchers, attackers can gain complete control of a compromised device, extract system information, communicate with a Command-and-Control (C2) server, and more.

Submitted by Gregory Rigby on

"Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft"

There has been a rise in the use of native Microsoft services by nation-state espionage actors for their Command-and-Control (C2) needs. In recent years, several unrelated groups have realized that using Microsoft's services against their targets is cheaper and more effective than building and maintaining their own infrastructure. Beyond the savings in cost and effort, using legitimate services lets attackers blend in with legitimate network traffic.

Submitted by Gregory Rigby on

"Continuum Reveals Hack Exposed 377K Consensus Medical Group Patients"

Continuum, a health management and patient care coordination company, said attackers stole personal and medical data. According to Continuum's report to the Maine Attorney General, over 377,000 people were exposed in the attack. Continuum revealed that the threat actors breached its systems on October 18 and accessed patient data, which puts affected individuals at risk of identity theft, financial fraud, targeted phishing attacks, blackmail, and more. This article continues to discuss the Continuum hack.

Submitted by Gregory Rigby on

"LockBit Publishes Confidential Data Stolen From Cannes Hospital in France"

The LockBit Ransomware-as-a-Service (RaaS) gang released confidential data it claims to be from a hospital in Cannes, France. The cybercrime ecosystem has previously targeted the French healthcare sector, with several attacks disrupting patient care in recent years. One incident in February compromised data on over 33 million people in France. The release of data from the Simone Veil hospital in Cannes comes after the hospital revealed it had received an extortion demand from LockBit.

Submitted by Gregory Rigby on

"1,400 GitLab Servers Impacted by Exploited Vulnerability"

The US Cybersecurity and Infrastructure Security Agency (CISA) warns that a critical vulnerability in GitLab's email verification process is being exploited for password hijacking. The flaw, tracked as CVE-2023-7028 with a CVSS score of 10, enables password reset messages to be sent to unverified email addresses, thus allowing attackers to take over the password reset process and accounts. This article continues to discuss the critical vulnerability in GitLab's email verification process.

Submitted by Gregory Rigby on

"REvil Hacker Behind Kaseya Ransomware Attack Gets 13 Years in Prison"

Ukrainian national Yaroslav Vasinskyi was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his REvil ransomware involvement. The US Department of Justice (DOJ) reported that Vasinskyi, with the alias "Rabotnik," was involved in more than 2,500 REvil (Sodinokibi) ransom attacks, totaling $700 million in demands. The cybercriminal and his accomplices stole corporate data and threatened to leak it if the victim did not pay a ransom. This article continues to discuss the history and sentencing of Vasinskyi.

Submitted by Gregory Rigby on

"AI-Driven Phishing Attacks Deceive Even the Most Aware Users"

Zscaler reports a rise in deepfake phishing and vishing attacks as generative Artificial Intelligence (AI) enhances social engineering. AI-driven phishing attacks use AI tools to improve campaign sophistication and effectiveness. Phishing becomes harder to detect as AI automates and personalizes attack steps. Threat actors can quickly analyze massive datasets to adjust their attacks and replicate legitimate communications and websites with precision using AI algorithms. Phishers can trick even the most aware users with this sophistication.

Submitted by Gregory Rigby on

"Hackers Target New NATO Member Sweden with Surge of DDoS Attacks"

According to network performance management provider Netscout, Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO. The company noted that after a 500 Gbps attack against Swedish government infrastructure in May 2023, DDoS attacks against Swedish organizations increased consistently, picking up significantly in late 2023 with 730 Gbps attacks. In 2024, the attack volume rose significantly from February onward.

Submitted by Adam Ekwall on

"LockBit, Black Basta, Play Dominate Ransomware in Q1 2024"

According to security researchers at ReliaQuest, LockBit, Black Basta, and Play were the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity. The researchers noted that LockBit faced a significant setback due to law enforcement actions in February and, despite efforts to restore operations, LockBit's activity decreased by 21% compared to the previous quarter.

Submitted by Adam Ekwall on

"Security Breach Exposes Dropbox Sign Users"

Dropbox has recently disclosed a significant breach of its systems, exposing customers' data to unauthorized parties. The incident, detailed in a new regulatory filing, primarily affected Dropbox Sign, a service akin to DocuSign that allows users to manage documents online. According to the company, management became aware of the breach on April 24 and promptly initiated cybersecurity measures.

Submitted by Adam Ekwall on