"Hackers Drop RisePro Infostealers Through GitHub Repositories"

G Data CyberDefense discovered multiple GitHub repositories posing as sources of cracked software and attempting to drop the RisePro infostealer on victim systems. The campaign involves a new variant of the RisePro infostealer malware designed to crash malware analysis tools such as IDA and ResourceHacker. The cybersecurity company found at least 13 repositories belonging to the RisePro stealer campaign, dubbed "Gitgub" by the threat actors. The repositories are all similar and contain a README.md file that promises free cracked software.

Submitted by Gregory Rigby on

"Moldovan Operator of Credential Marketplace Sentenced to US Prison"

A Moldovan national has recently been sentenced to 42 months in prison in the US for operating an illicit marketplace on which hundreds of thousands of compromised credentials were offered for sale.  According to the Department of Justice (DoJ), Sandu Boris Diaconu, 31, created and managed E-Root Marketplace, a series of websites for selling access to compromised systems.  Diaconu was arrested in the UK in May 2021 and extradited to the US in October 2023.  He pleaded guilty in December 2023.

Submitted by Adam Ekwall on

"Cookie Stealing Kits Represent Yet Another Cookie Headache"

Hackers are increasingly using cookies to gain unauthorized access to sessions and accounts. Cookie hijacking involves hackers stealing session cookies, which are small files used by apps and websites to recognize returning users and provide personalized experiences. Their use among cybercriminals has increased significantly in recent months. Most hackers have attempted to gain access to user accounts by obtaining usernames and passwords.

Submitted by Gregory Rigby on

"Human Risk Factors Remain Outside of Cybersecurity Pros' Control"

According to Mimecast, many human risk factors, which make up most of today's biggest cybersecurity gap, remain unaddressed and beyond the control of security professionals. Human factors have caused 74 percent of all cyber breaches, which include errors, stolen credentials, misuse of access privileges, and social engineering. The concern is even more significant in certain sectors, such as the public sector, where 87 percent of respondents are worried that employee email and social media lapses will harm their organization.

Submitted by Gregory Rigby on

"Fujitsu Data Breach Impacts Personal, Customer Information"

Japanese technology giant Fujitsu recently announced that it fell victim to a cyberattack that likely resulted in the theft of personal and customer information.  According to the company, it discovered that multiple work computers within its environment were infected with malware and disconnected them from the network.  Fujitsu did not share details on the type of malware attack it fell victim to, what personal information was stolen, how many people might have been affected, and whether the breach is limited to its Japanese offices.

Submitted by Adam Ekwall on

"US Still Finding Victims of Advanced China-Linked Hacking Campaign, NSA Official Says"

According to Rob Joyce, the National Security Agency's (NSA) outgoing cybersecurity director, the US is still identifying victims of the China-backed hacking group "Volt Typhoon." The group was the subject of a recent takedown by the Federal Bureau of Investigation (FBI) and other official advisories over the past year. The Volt Typhoon hacking group had been latching onto critical infrastructure using compromised equipment, including Internet routers and cameras. This article discusses the continued effort to identify victims targeted by the extensive China-backed hacking campaign.

Submitted by Gregory Rigby on

"150K+ UAE Network Devices & Apps Found Exposed Online"

The United Arab Emirates' (UAE) rapid adoption of Information Technology (IT) and Operational Technology (OT) has significantly increased its attack surface, with nearly 155,000 remotely accessible assets left vulnerable because of misconfigurations and insecure applications. According to the "State of the UAE Cybersecurity Report 2024," remote access points, network administration interfaces, insecure network devices, and other assets were found to be vulnerable.

Submitted by Gregory Rigby on

"Pentagon Received Over 50,000 Vulnerability Reports Since 2016"

The US Department of Defense (DoD) recently announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program (VDP) launched in November 2016.  The program was initiated following a successful "Hack the Pentagon" bug bounty program running on HackerOne, which was followed by similar programs covering Air Force, Marine Corps, Army, and Defense Travel System assets.

Submitted by Adam Ekwall on

"Recent DarkGate Campaign Exploited Microsoft Windows Zero-Day"

In mid-January 2024, researchers at the Zero Day Initiative (ZDI) discovered a DarkGate campaign that exploited the Windows zero-day flaw, tracked as CVE-2024-21412, using fake software installers. An unauthenticated attacker can exploit the flaw by sending the victim a specially crafted file that bypasses the displayed security checks. The attacker must trick the victims into clicking the file link.

Submitted by Gregory Rigby on

"Hacker Gives Out 70 Million Stolen AT&T User Records"

A leaked database containing over 70 million records, allegedly stolen from AT&T, is now available on the illicit marketplace BreachForums for nearly free. Some researchers have confirmed the legitimacy of the data, but it is unclear how the hackers got it. The seller claims that ShinyHunters, a criminal group, obtained the data in 2021. The data has previously been made public. In 2022, Cybernews reported that ShinyHunters demanded at least $200,000 for 70 million records allegedly belonging to AT&T.

Submitted by Gregory Rigby on