After breaching a target's network, "Qilin," the ransomware group suspected to have been behind the recent Synnovis attack, stole credentials stored in Google Chrome. According to researchers at Sophos X-Ops who detected the activity, this is an unusual tactic for ransomware groups as Qilin not only conducted an extortion attack but also carried out a credentials-harvesting scheme. This article continues to discuss Qilin's theft of credentials stored in Google Chrome.

Researchers have discovered a new macOS malware strain called "TodoSwift" that resembles the known malicious software used by North Korean hacking groups. According to Kandji security researcher Christopher Lopez, TodoSwift behaves similarly to malware originating in North Korea (DPRK), such as "KANDYKORN" and "RustBucket." This article continues to discuss findings regarding the TodoSwift macOS malware.

THN reports "New macOS Malware TodoSwift Linked to North Korean Hacking Groups"

US oil giant Halliburton recently confirmed its computer systems were hit by a cyberattack that continues to affect operations at its Houston, Texas, offices.  Halliburton, considered the world’s second largest oil service company, has engaged with external experts to investigate and mitigate the threat.  The company noted that the investigation into the incident is still ongoing, and more information will be provided in the future.  Halliburton employs about 55,000 through hundreds of subsidiaries, affiliates, and brands in more than 70 countries.

Lakera reports that 95 percent of cybersecurity experts have low confidence in Generative Artificial Intelligence (GenAI) security. In addition, red team data suggests that anyone can easily hack GenAI models. Anyone can use GenAI-specific prompt attacks to manipulate the models, gain unauthorized access, steal confidential data, and more. This article continues to discuss key findings from Lakera's "2024 GenAI Security Readiness Report."

Help Net Security reports "GenAI Models Are Easily Compromised"

The National Security Agency (NSA), together with the Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) and international co-authors, has released a Cybersecurity Information Sheet (CSI) titled "Best Practices for Event Logging and Threat Detection." The new CSI aims to help protect against malicious actors using Living off the Land (LOTL) techniques. It delves into best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices, and Operational Technology (OT) networks.

Researchers at Tenable have exploited a vulnerability in Microsoft's Copilot Studio tool to make external HTTP requests that could access sensitive information on internal services within a cloud environment, potentially affecting multiple tenants. The researchers found and exploited a Server-Side Request Forgery (SSRF) vulnerability in the chatbot creation tool. The exploitation of this flaw allowed them to access Microsoft's internal infrastructure, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances.