The Counter Ransomware Initiative (CRI) has released new guidance to encourage organizations to consider other options before giving in to cybercriminals' ransomware demands. The new guidance aims to minimize the impact of a ransomware incident as well as reduce the number and size of ransoms paid by victims. The guidance discourages businesses from paying but acknowledges that there are situations where victims may be pressured to pay. However, the UK government does not condone ransom payments.

Tens of thousands of DrayTek routers, including models used by many businesses and government agencies, are at risk of attack due to 14 newly discovered firmware vulnerabilities. Several flaws could lead to Denial-of-Service (DoS) and Remote Code Execution (RCE) attacks. The other vulnerabilities enable threat actors to carry out data theft, session hijacking, and other malicious activities. This article continues to discuss the vulnerabilities impacting thousands of DrayTek routers.

Claroty surveyed 1,100 cybersecurity professionals responsible for securing Cyber-Physical Systems (CPS), including Operational Technology (OT), Internet of Things (IoT), Building Management Systems (BMS), and more. The survey found that 45 percent of organizations suffered losses of $500,000 or more in the past year, and 27 percent faced losses of $1 million or more.

The North Korean state-sponsored threat actor known as "APT37" is spreading a new backdoor named "VeilShell." Most North Korean Advanced Persistent Threats (APTs) target South Korean or Japanese organizations, but APT37's latest campaign appears to target Cambodia, a country Kim Jong-Un has more complicated relations with. According to Securonix, APT37 has been sending malicious emails in the Khmer language about Cambodian affairs to attract victims.

Researchers at Elastic found that off-the-shelf offensive security tools and poorly configured cloud environments expand the attack surface. About 54 percent of malware alerts involved offensive security tools such as Cobalt Strike and Metasploit. The most prevalent malware family this year was Cobalt Strike, with 27.02 percent of infections. Cobalt Strike is a commercial post-exploitation framework that threat actors often steal and use for their own malicious activities.

Security vulnerabilities are a major issue in Artificial Intelligence (AI)-powered code generation. Therefore, Khiem Ton, a Ph.D. student, and his colleagues at the New Jersey Institute of Technology (NJIT) developed "SGCode," a system that uses advanced AI and security analysis tools to detect and fix security flaws during code creation. SGCode includes Large Language Models (LLMs) such as GPT-4, a graph-based Generative Adversarial Network (gGAN), and security analysis tools. The flexible system lets users switch between code security optimization methods.

In a Distributed Denial-of-Service (DDoS) campaign aimed at financial services, Internet, and telecommunications companies, volumetric attacks peaked at 3.8 terabits per second (Tbps), the largest publicly recorded. The campaign involved over 100 hyper-volumetric DDoS attacks that flooded network infrastructure with garbage data. A volumetric DDoS attack overwhelms the target with large amounts of data, consuming bandwidth or exhausting the resources of applications and devices, denying legitimate users access.

The National Security Agency (NSA), together with the Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) and others, released a new Cybersecurity Information Sheet (CSI) titled "Principles of Operational Technology Cyber Security." The CSI delves into six principles for creating and maintaining a safe, secure critical infrastructure Operational Technology (OT) environment. The guidance aims to help improve cybersecurity methods for protecting water, energy, transportation, and more. This article continues the new CSI on OT cybersecurity.

The new "FakeUpdate" campaign targeting users in France involves compromised websites that display fake browser and app updates, which deliver a new version of the WarmCookie backdoor. The threat group "SocGolish" compromises or creates fake websites to display fake update prompts for web browsers, Java, VMware Workstation, WebEx, and Proton VPN. If a user clicks on the legitimate-looking update prompts, a fake update is downloaded that drops cryptocurrency drainers, ransomware, and more. This article continues to discuss the FakeUpdate campaign.