Global pharmaceutical solutions provider Cencora recently announced that it fell victim to a cyberattack that resulted in personal information being stolen from its systems.  The data breach was identified on February 21.  It is currently unclear exactly what type of data has been exfiltrated and who it belongs to, whether it’s employees or customers.  The company noted that it has taken steps to contain the incident, and an investigation has been launched with the assistance of law enforcement and external cybersecurity experts, but it provided no further details.

Xeno RAT has been made available on GitHub, allowing other threat actors to use it. According to its developer, the open-source Remote Access Trojan (RAT), written in C# and compatible with Windows 10 and Windows 11 operating systems, includes a comprehensive set of features for remote system management. It has a SOCKS5 reverse proxy and real-time audio recording capability, as well as a Hidden Virtual Network Computing (HVNC) module. The developer says Xeno RAT was made from scratch, resulting in a one-of-a-kind and customized approach to remote access tools.

A team of scientists in China has introduced a quantum communication technique that could help protect Web 3.0 from the threat of quantum computing. According to the team, their approach, Long-Distance Free-Space Quantum Secure Direct Communication (LF QSDC), improves data security by allowing encrypted direct messaging without needing key exchange, which is traditionally vulnerable to quantum attacks. They add that the approach bolsters security and adheres to the decentralized ethos of Web 3.0, providing a strong defense in the digital landscape.

According to security researchers at Trend Micro, more threat actors have started exploiting two recently resolved vulnerabilities in the ConnectWise ScreenConnect remote desktop access software.  The issues tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4) are described as an authentication bypass flaw and a path traversal bug.  The researchers noted that ConnectWise disclosed the security defects on February 19, when it announced patches for them.  Two days later, the company updated its advisory to warn of ongoing exploitation.

The National Security Agency (NSA), together with the Federal Bureau of Investigation (FBI) and other co-sealers, has released a Cybersecurity Advisory (CSA) titled "Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations," detailing observed activities, mitigation recommendations, and more.

The US Department of Energy (DOE) has announced the selection of 16 projects across six states aimed at protecting the country's energy sector from cyberattacks. Selected projects, managed by DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), will contribute to the development of new cybersecurity tools and technologies focused on reducing cyber risks and strengthening the resilience of America's energy systems. Cyberattacks can significantly disrupt the steady flow of energy to American homes, businesses, and communities.

According to Forcepoint researchers, scammers are targeting users of the popular travel-related service provider Booking.com with Agent Tesla malware disguised as inquiries. Attackers send emails impersonating Booking.com, instructing the recipient to check an attached malware-infected PDF for a card statement. They exploit the stress caused by last-minute travel-related emails. Agent Tesla malware is an advanced Remote Access Trojan (RAT) that serves as a keylogger and information stealer. It is one of the most widely used RATs, impacting up to 7 percent of organizations worldwide.

Cybersecurity researchers at Patchstack have discovered a significant vulnerability in a WordPress plugin.  The vulnerability affects the LiteSpeed Cache plugin, which boasts over 4 million active installations and presents a risk of unauthenticated site-wide stored XSS (cross-site scripting).  The researchers noted that this could potentially allow unauthorized access to sensitive information or privilege escalation on affected WordPress sites via a single HTTP request.

For nearly two months, malicious JavaScript code hidden within a Tornado Cash governance proposal has been leaking deposit notes and data to a private server. Tornado Cash is a decentralized, open-source mixer on the Ethereum blockchain that ensures transaction privacy through non-custodial, trustless, and serverless anonymization. Governance proposals in Decentralized Autonomous Organizations (DAOs) such as Tornado Cash are important mechanisms for establishing strategic directions, presenting updates, and changing the core of technical protocols.

The Rhysida ransomware gang is demanding $3.4 million after attacking Lurie Children's Hospital, forcing staff to use manual processes to take care of patients. The Rhysida Ransomware-as-a-Service (RaaS) group, which emerged in May 2023 and has previously disrupted 16 hospitals in the US, has now added Lurie Children's Hospital to its darknet extortion site. The hospital is one of the largest pediatric healthcare organizations in the Midwest, serving 239,000 children annually and treating more children with cancer and blood disorders than any other hospital in Illinois.