"European Government Air-Gapped Systems Breached Using Custom Malware"

"GoldenJackal," an Advanced Persistent Threat (APT) hacking group, successfully breached air-gapped government systems in Europe. The APT group used two custom toolsets to steal sensitive data such as emails, encryption keys, images, archives, and documents. According to ESET, this occurred at least twice against the embassy of a South Asian country in Belarus and a European government organization. This article continues to discuss new findings regarding GoldenJackal's attacks on air-gapped government systems. 

Submitted by Gregory Rigby on

"Phishing Attacks Armed With AI Capabilities Are on the Rise"

According to the security vendor Egress, phishing attempts increased 28 percent in the second quarter of the year as threat actors gained new tools. An analysis of phishing kits offered for sale on the dark web found that 75 percent advertised Artificial Intelligence (AI) capability. This article continues to discuss findings regarding the rise in phishing attacks.

SC Media reports "Phishing Attacks Armed With AI Capabilities Are on the Rise"

Submitted by grigby1

Submitted by Gregory Rigby on

"Cloud Security Risks Surge as 38% of Firms Face Exposures"

The 2024 "Tenable Cloud Risk Report" found that 38 percent of organizations worldwide face critical exposures due to a mix of security gaps in modern cloud environments. The report identified a "toxic cloud triad" of publicly exposed, critically vulnerable, and highly privileged cloud workloads that put these companies at risk. This triad makes them vulnerable to cyberattacks that could disrupt applications, take over systems, and steal data. This article continues to discuss key findings regarding cloud security risks.

Submitted by Gregory Rigby on

"Ukrainian Pleads Guilty to Running Raccoon Infostealer Malware, Agrees to Pay Nearly $1 Million"

According to the US Department of Justice (DoJ), a Ukrainian national named Mark Sokolovsky pleaded guilty in US federal court to operating the "Raccoon Infostealer" malware. Sokolovsky was previously accused of being one of the "key administrators" of the malware, which steals email addresses, ID numbers, bank account details, and cryptocurrency information. Raccoon Infostealer was sold as Malware-as-a-Service (MaaS) for $200 per month in cryptocurrency. This article continues to discuss the Raccoon Infostealer malware and the Ukrainian national who has pleaded guilty to running it.

Submitted by Gregory Rigby on

"Healthcare Organizations Warned of Trinity Ransomware Attacks"

The US Department of Health and Human Services (HHS) warns of "Trinity" ransomware attacks on healthcare and public health organizations. HHS notes that Trinity, a relatively new ransomware family first seen in May 2024, adds the '.trinitylock' extension to encrypted files. It has similarities to "2023Lock" and "Venus" ransomware. This article continues to discuss the Trinity ransomware attacks faced by the healthcare sector.  

Submitted by Gregory Rigby on

"31 New Ransomware Groups Join the Ecosystem in 12 Months"

Secureworks has seen a 30 percent year-over-year increase in active ransomware groups despite law enforcement efforts to stop ransomware gangs. The company's eighth annual "State of the Threat Report" identified 31 new ransomware groups that had emerged in the past 12 months. According to the report, the threat landscape has shifted from a few big players to a wider range of emerging entities. The three most active ransomware groups by number of victims are "LockBit," "PLAY," and "RansomHub." This article continues to discuss key findings from Secureworks' State of The Threat Report.

Submitted by Gregory Rigby on

"Crypto Scam Attack Impacts LEGO Website"

The official website of Danish company LEGO was recently compromised, on the evening of Oct. 4, to promote a cryptocurrency scam. Attackers placed an ad on the LEGO website homepage that urged visitors to click a link that would "unlock secret rewards." The link redirected to a third-party marketplace where the fraudulent LEGO token could be purchased with Ethereum. The company immediately took down the banner ad. The company said no user accounts have been compromised, and customers can continue shopping as usual.

Submitted by Adam Ekwall on

13th International Symposium on Digital Forensics and Security (ISDFS 2025)

"ISDFS conference offers a platform for researchers and professionals from academia, industry, and government to exchange ideas and recent advancements in Digital Forensics, Cybersecurity, and Computer Science more broadly. Building on the success of the 12th event, the 13th ISDFS conference will continue to promote and share knowledge on various topics and technologies related to Digital Forensics and Cybersecurity."

2024 Annual Computer Security Applications Conference (ACSAC)

"The Annual Computer Security Applications Conference (ACSAC) brings together leading researchers and practitioners, along with a diverse group of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest cybersecurity results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, and workshops, ACSAC continues its core mission of investigating practical solutions for computer and network security technologies."

 

"Credit Monitoring And Supply Chain Risk Company Hacked"

Hackers recently stole sensitive employee data from a software-as-a-service company, CreditRiskMonitor.com. CreditRiskMonitor.com advises consumers on trade credit and provides supply chain risk monitoring. The company said that hackers got away with an unspecified amount of data between July 9 and July 17. The stolen files included personally identifiable information of employees and independent contractors but did not include customer data.

Submitted by Adam Ekwall on