"DarkGate Gang Using CAPTCHA to Spread Malware"

According to HP Wolf Security, DarkGate cybercriminals are using legitimate advertising tools to hide their malicious campaigns and track victims' responses to malware links. HP Wolf Security's latest insights delve into DarkGate, a cybercriminal group that uses legitimate advertising tools to supplement its spam-based malware campaigns. The DarkGate gang, which has been operating as a malware provider since 2018, shifted tactics last year to use legitimate advertising networks as a way to track victims and avoid detection.

Submitted by grigby1 CPVI on

"Ubuntu 'Command-Not-Found' Tool Could Trick Users Into Installing Rogue Packages"

Researchers at Aqua have discovered that threat actors can use the well-known utility called command-not-found to recommend their own rogue packages and compromise systems running the Ubuntu operating system. Although the command-not-found tool is convenient for suggesting installations for uninstalled commands, attackers can manipulate it through the snap repository, resulting in deceptive recommendations of malicious packages. The utility is installed by default on Ubuntu systems and suggests packages to install in interactive bash sessions when trying to execute unavailable commands.

Submitted by grigby1 CPVI on

"Researchers Pair Medical Devices With Blockchain to Defend Against Cyberattacks"

A team of researchers from Emporia State University and the University of Allahabad developed a novel blockchain system for medical device monitoring dubbed HNMBlock. According to the team, HNMBlock is a server-based blockchain network that brings Internet of Things (IoT) devices used in the medical field together with secure data storage and retrieval. The HNMBlock model can be expanded to include token-based patient participation incentives, encrypted file security, and real-time device monitoring. This article continues to discuss the purpose and research behind the HNMBlock model.

Submitted by grigby1 CPVI on

"Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs"

Turla, a Russia-sponsored Advanced Persistent Threat (APT) group, is now targeting Polish Non-Governmental Organizations (NGOs) in a cyber espionage campaign involving a newly developed backdoor with modular capabilities. According to information shared by Cisco Talos on Turla, the backdoor used in the attacks, dubbed TinyTurla-NG, functions similarly to the APT's known custom malware called TinyTurla.

Submitted by grigby1 CPVI on

"Pennsylvania Courts Say it Didn't Pay Ransom in Cyberattack, And Attackers Never Sent a Demand"

Pennsylvania's state courts agency recently announced that it never received a ransom demand as part of a cyberattack that briefly shut down some of its online services earlier this month. The agency said the attack was a DDoS attack on the Administrative Office of Pennsylvania Courts website, which disabled some online portals and systems that were all fully restored this week. The agency noted that the attack didn't compromise any data or stop the courts from operating on a normal schedule.

Submitted by Adam Ekwall on

"Prudential Financial Faces Cybersecurity Breach"

Prudential Financial has recently disclosed a cybersecurity breach. The breach on February 5, 2024, involved unauthorized access to certain company systems. In a filing with the US Securities and Exchange Commission (SEC) on February 12, 2024, Prudential said it immediately activated its cybersecurity incident response protocol and is working with external experts to investigate and mitigate the incident. Prudential suspects the involvement of a cybercrime group.

Submitted by Adam Ekwall on

"New Report Finds Sensitive Information at Risk in 55% of Generative AI Inputs"

A new report from Menlo Security reveals that 55 percent of all generative Artificial Intelligence (AI) inputs include sensitive and Personally Identifiable Information (PII). Menlo Security's "The Continued Impact of Generative AI on Security Posture" report analyzed employee usage of generative AI and the security risks this usage poses to organizations. New platforms and features have grown in popularity, but they have also introduced new cybersecurity risks to businesses. One example from the report showed an 80 percent increase in attempted file uploads to generative AI websites.

Submitted by grigby1 CPVI on

"New Wi-Fi Authentication Vulnerabilities Discovered"

Researchers have discovered two new vulnerabilities in open-source Wi-Fi software that enable attackers to trick victims into connecting to malicious clones of trusted networks, intercept their traffic, and join networks without a password. Top10VPN collaborated with security researcher Mathy Vanhoef to uncover the new Wi-Fi authentication vulnerabilities and has shared details now that they have been patched. This article continues to discuss the potential exploitation and impact of the Wi-Fi authentication vulnerabilities.

Submitted by grigby1 CPVI on

"US Offers up to $15 Million For Tips on ALPHV Ransomware Gang"

The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. An additional $5 million bounty is also available for tips on individuals trying to take part in ALPHV ransomware attacks, likely to discourage affiliates and initial access brokers. The ransomware gang conducted over 60 breaches worldwide during its first four months of activity between November 2021 and March 2022.

Submitted by Adam Ekwall on

"DDoS Attacks Are Getting Bigger and Costlier - Here's Why"

According to a new report from the communications infrastructure provider Zayo Group, Distributed Denial-of-Service (DDoS) attacks are becoming longer and more expensive. Research has found that the average length of an attack increased by over 400 percent between the first and fourth quarters of last year, from 24 minutes to 121 minutes. In 2023, the average DDoS attack lasted 68 minutes, with impacted organizations paying an average of $5,896 per minute for a total average cost of $407,727.

Submitted by grigby1 CPVI on