North Korean hackers have been exploiting eScan antivirus' updating mechanism to install backdoors on large corporate networks and deliver cryptocurrency miners via "GuptiMiner" malware. GuptiMiner is described as "a highly sophisticated threat" capable of making Domain Name System (DNS) requests to the attacker's DNS servers, extracting payloads from images, signing payloads, and performing Dynamic Link Library (DLL) sideloading.

Synlab Italia has recently suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. Part of the Synlab group that is present in 30 countries worldwide, the Synlab Italia network operates 380 labs and medical centers across Italy. The company announced that it had suffered a security breach in the early hours of April 18, which forced it to shut down all computers to limit the damaging activity. No specific recovery timeline was provided.

The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has recently been found to impact one of Siemens’ industrial products. In a recent advisory, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400.

According to Ukraine's Community Emergency Response Team (CERT-UA), Russia's APT44, also known as "Sandworm," launched an attack on Ukrainian critical infrastructure in March. The group targeted 20 sites in an attempt to strengthen the impact of missile strikes on the country. The attack impacted energy, heating, and water facilities in 10 regions of the country.

According to Mandiant's 15th annual M-Trends 2024 report, global median dwell time, or the average amount of time attackers remain undetected on a target's network after gaining unauthorized access, has reached the lowest point in over a decade. The shorter median dwell time is one of several findings suggesting that organizations have significantly improved their defensive capabilities for detecting malicious activity. Shorter dwell times were found to be driven by a higher proportion of ransomware incidents in 2023, indicating that ransomware is more detectable.

The LockBit ransomware gang has recently leaked 1Gb of data allegedly stolen from the District of Columbia’s Department of Insurance, Securities and Banking (DISB). LockBit claims to be in possession of 800 GB of data pertaining to DISB, the US Securities and Exchange Commission (SEC), Delaware banking institutions, and other financial entities and threatens to release it unless DISB pays a ransom.

Ning Zhang, an assistant professor of computer science and engineering at Washington University in St. Louis, was among three winners of the US Federal Trade Commission's (FTC) Voice Cloning Challenge. "DeFake," Zhang's winning project, uses watermarking for voice recordings. The tool adds carefully crafted distortions that are imperceptible to the human ear to recordings, which makes cloning more difficult by removing usable voice samples. DeFake involves applying adversarial Artificial Intelligence (AI).

Microsoft warns that the Russian threat group "APT28" uses "GooseEgg," a previously unknown hacking tool, to exploit a Windows Print Spooler vulnerability. Through this exploitation, they escalate privileges as well as steal credentials and data. APT28 created this tool to target the vulnerability, tracked as CVE-2022-38028 and reported by the US National Security Agency (NSA.) Redmond fixed the flaw during the Microsoft October 2022 Patch Tuesday.

Researchers at Legit Security discovered a dependency confusion vulnerability in an archived Apache project. The finding emphasizes the importance of analyzing third-party projects and dependencies, especially those that have been archived or possibly neglected when it comes to security updates. Dependency confusion, also known as "dependency hijacking" or "substitution attack," allows attackers to launch software supply chain attacks by exploiting vulnerable dependencies in open source software.