According to new research, threat actors can use the DOS-to-NT path conversion process to achieve rootkit-like capabilities and conduct malicious activities such as concealing and impersonating files, directories, and processes. According to SafeBreach security researcher Or Yair, the DOS path at which the file or folder exists is converted to an NT path when a user executes a function with a path argument in Windows. During the conversion process, a known issue occurs: the function removes trailing dots from any path element and trailing spaces from the last path element.

According to the Shadowserver Foundation, a recently addressed vulnerability could affect about 6,000 Internet-accessible Palo Alto Networks firewalls. Palo Alto Networks disclosed the flaw on April 12 and began rolling out patches a few days later. State-sponsored threat actors had exploited the vulnerability, and this activity recently increased after Proof-of-Concept (PoC) code was released.

A hack that caused a small Texas town’s water system to overflow in January has recently been linked to a shadowy Russian hacktivist group. The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not in danger, and the attempts were reported to federal authorities. Mike Cypert, the city manager of Hale Center, said there were 37,000 attempts in four days to log into their firewall. He added that the attempted hack failed as the city “unplugged” the system and operated it manually.

Cannes Hospital Centre – Simone Veil (CHC-SV) recently shut down its systems in response to a cyberattack it fell victim to. Also known as the Broussailles Hospital, the healthcare organization decided to completely cut off computer access to contain the attack, which forced employees to turn to pen and paper to continue providing services to patients. CHC-SV says it is making all the efforts to ensure that it can provide the full range of care across its fields of activity, adding that it has been working with regional healthcare entities to redirect patients based on their needs.

The MITRE Corporation recently became the latest high-profile victim of an Ivanti-related breach after a nation-state actor compromised its R&D network via two chained zero-day vulnerabilities. The non-profit said the last time it suffered a significant cyber-incident like this was 15 years ago. MITRE noted that an unnamed state actor on this occasion comprised MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network that provides storage, computing, and networking resources.

According to Louisiana State University (LSU) researcher and professor Chen Wang, muting microphones and turning off cameras during video conferences may not provide users with the privacy they expect. A National Science Foundation (NSF) CAREER Award will help him in his efforts to reduce the risk posed by "micro signals" from those devices. Wang says that even when turned off, computer microphones and cameras can leak information beyond what is seen and heard via signals that are too small for humans to recognize but detectable by machines.

The US Department of Defense (DOD) has awarded Defense Established Program to Stimulate Competitive Research (DEPSCoR) grants to three researchers in the Ira A. Fulton Schools of Engineering at Arizona State University (ASU). The three researchers will each receive up to $600,000 over three years to research cybersecurity, cyber deception, and more. Adil Ahmad and his team want to revolutionize computer logging infrastructure with the DEPSCoR grant. They will use logs to improve cybersecurity.

According to Pentera, 93 percent of enterprises that admitted to a breach experienced unplanned downtime, data exposure, or financial loss. Pentera surveyed 450 Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and Information Technology (IT) security leaders from companies with over 1,000 employees. On average, enterprises use 53 security solutions across their organization. However, despite large security stacks, 51 percent of enterprises reported a breach in the previous 24 months.

A threat actor called "BlackTech" has been targeting the Asia-Pacific region's technology, research, and government sectors. The attacks deliver an updated version of the modular backdoor named "Waterbear," and its enhanced successor, "Deuterbear." According to Trend Micro researchers, Waterbear is notoriously complex, using multiple evasion mechanisms to avoid detection and analysis. In 2022, "Earth Hundun" started using the new version of Waterbear, which includes several changes, such as anti-memory scanning and decryption routines.

A financially motivated criminal hacking group that calls itself "GhostR" claims to have stolen a confidential database containing millions of records companies use to screen potential customers for links to sanctions and financial crime. The hackers claimed they stole 5.3 million records from the World-Check screening database in March and are threatening to release the data online.