"Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws"

According to security researchers at Trend Micro, more threat actors have started exploiting two recently resolved vulnerabilities in the ConnectWise ScreenConnect remote desktop access software. The issues, tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), are described as an authentication bypass flaw and a path traversal bug, respectively. The researchers noted that ConnectWise disclosed the security defects on February 19, when it announced patches for them. Two days later, the company updated its advisory to warn of ongoing exploitation.

Submitted by Adam Ekwall on

"Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations"

The National Security Agency (NSA), together with the Federal Bureau of Investigation (FBI) and other co-sealers, has released a Cybersecurity Advisory (CSA) titled "Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations," detailing observed activities, mitigation recommendations, and more.

Submitted by Gregory Rigby on

"DOE Announces $45 Million to Protect Americans From Cyber Threats and Improve Cybersecurity in America's Energy Sector"

The US Department of Energy (DOE) has announced the selection of 16 projects across six states aimed at protecting the country's energy sector from cyberattacks. Selected projects, managed by DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), will contribute to the development of new cybersecurity tools and technologies focused on reducing cyber risks and strengthening the resilience of America's energy systems. Cyberattacks can significantly disrupt the steady flow of energy to American homes, businesses, and communities.

Submitted by Gregory Rigby on

"Travelers Targeted With Booking.com Refund Malware"

According to Forcepoint researchers, scammers are targeting users of the popular travel-related service provider Booking.com with Agent Tesla malware disguised as inquiries. Attackers send emails impersonating Booking.com, instructing the recipient to check an attached malware-infected PDF for a card statement. They exploit the stress caused by last-minute travel-related emails. Agent Tesla malware is an advanced Remote Access Trojan (RAT) that serves as a keylogger and information stealer. It is one of the most widely used RATs, impacting up to 7 percent of organizations worldwide.

Submitted by Gregory Rigby on

"Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw"

Cybersecurity researchers at Patchstack have discovered a significant vulnerability in a WordPress plugin. The vulnerability affects the LiteSpeed Cache plugin, which has over 4 million active installations, and presents a risk of unauthenticated site-wide stored XSS (cross-site scripting). The researchers noted that this could potentially allow unauthorized access to sensitive information or privilege escalation on affected WordPress sites via a single HTTP request.

Submitted by Adam Ekwall on

"Malicious Code in Tornado Cash Governance Proposal Puts User Funds at Risk"

For nearly two months, malicious JavaScript code hidden within a Tornado Cash governance proposal has been leaking deposit notes and data to a private server. Tornado Cash is a decentralized, open-source mixer on the Ethereum blockchain that ensures transaction privacy through non-custodial, trustless, and serverless anonymization. Governance proposals in Decentralized Autonomous Organizations (DAOs) such as Tornado Cash are important mechanisms for establishing strategic directions, presenting updates, and changing the core of technical protocols.

Submitted by Gregory Rigby on

"Ransomware Gang Seeks $3.4 Million After Attacking Children's Hospital"

The Rhysida ransomware gang is demanding $3.4 million after attacking Lurie Children's Hospital, forcing staff to use manual processes to take care of patients. The Rhysida Ransomware-as-a-Service (RaaS) group, which emerged in May 2023 and has previously disrupted 16 hospitals in the US, has now added Lurie Children's Hospital to its darknet extortion site. The hospital is one of the largest pediatric healthcare organizations in the Midwest, serving 239,000 children annually and treating more children with cancer and blood disorders than any other hospital in Illinois.

Submitted by Gregory Rigby on

"Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security"

According to security researchers at Guardio, thousands of domains, many once owned by major companies, have been abused to get millions of emails past spam filters. The researchers came across a significant campaign dubbed SubdoMailing and attributed it to a threat actor named ResurrecAds. The researchers reported identifying roughly 8,800 hijacked domains, specifically over 13,000 associated subdomains, being used to send out approximately five million emails per day. The researchers noted that the number of abused domains is growing by the hundreds every day.

Submitted by Adam Ekwall on

"NIST Releases Version 2.0 of Landmark Cybersecurity Framework"

The National Institute of Standards and Technology (NIST) has updated the Cybersecurity Framework (CSF), its widely used guidance document for reducing cybersecurity risk. The 2.0 edition is for all audiences, industry sectors, and organizational types, regardless of their level of cybersecurity sophistication. In response to comments received on the draft version, NIST expanded the CSF's core guidance and produced related resources to help users make the most of the framework.

Submitted by Gregory Rigby on