"Meet the Unique New 'Hacking' Group: AlphaLock"

Researchers have discovered a new hacking group named "AlphaLock," which presents itself as a "pentesting training organization": it trains hackers and then monetizes their services through a dedicated affiliate program. AlphaLock appears relatively sophisticated and is active on Telegram, Matrix, and the dark web forum XSS. Its business model has two parts, the Bazooka Code Pentest Training and the ALPentest Hacking Marketplace. This article continues to discuss the business model and launch of the AlphaLock group.

Submitted by Gregory Rigby on

"OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers"

Threat actors are targeting publicly exposed Docker Engine Application Programming Interface (API) instances to co-opt the hosts into the OracleIV Distributed Denial-of-Service (DDoS) botnet. According to Cado Security researchers, the attackers abuse the misconfiguration (a Docker API reachable from the internet without authentication) to deliver a malicious container built from an image named 'oracleiv_latest,' which contains Python malware compiled as an ELF executable.
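The two checks a defender would want after reading the item above, as an added example in Python (not code from Cado's report or from the Docker project): one reads a daemon.json and reports TCP listeners that accept clients without TLS verification, the other scans the JSON returned by the Docker Engine API's `GET /containers/json?all=1` for containers built from the image name quoted on the page. The daemon.json contents, the container records and the `attacker/` repository prefix are constructed for the demonstration.

```python
"""Audit helpers for the exposed-Docker-API misconfiguration abused by OracleIV."""
import json
from urllib.parse import urlparse

# Indicator quoted on the page: the malicious container is built from an image named 'oracleiv_latest'.
SUSPICIOUS_IMAGE_NAMES = {"oracleiv_latest"}


def unauthenticated_tcp_listeners(daemon_config: dict) -> list[str]:
    """Return every tcp:// entry in daemon.json 'hosts' that is served without client-certificate checks.

    Docker only authenticates API clients on a TCP socket when 'tlsverify' is enabled; 'tls' alone
    encrypts the channel but still lets any client drive the daemon, and a bare tcp://0.0.0.0:2375
    is the open-to-the-internet configuration the page describes.
    """
    if daemon_config.get("tlsverify"):
        return []
    return [h for h in daemon_config.get("hosts", []) if urlparse(h).scheme == "tcp"]


def image_basename(ref: str) -> str:
    """Reduce an image reference to its repository name, e.g.
    'registry.example/team/oracleiv_latest:1.0@sha256:abc' -> 'oracleiv_latest'."""
    ref = ref.split("@", 1)[0]          # drop a digest suffix
    last = ref.rsplit("/", 1)[-1]       # drop registry and namespace
    return last.split(":", 1)[0].lower()  # drop the tag


def suspicious_containers(containers_json: str) -> list[dict]:
    """Scan the response body of GET /containers/json?all=1 for containers from a flagged image."""
    hits = []
    for c in json.loads(containers_json):
        if image_basename(c.get("Image", "")) in SUSPICIOUS_IMAGE_NAMES:
            hits.append({
                "id": c.get("Id", "")[:12],
                "names": c.get("Names", []),
                "image": c["Image"],
                "state": c.get("State"),
            })
    return hits


# Constructed sample inputs (not captured from a real host).
EXPOSED_DAEMON_JSON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
HARDENED_DAEMON_JSON = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}
SAMPLE_CONTAINERS = json.dumps([
    {"Id": "3f1c0d9e7a2b4c6d8e0f1a2b3c4d5e6f", "Names": ["/web"], "Image": "nginx:1.25", "State": "running"},
    {"Id": "9ab2c4d6e8f0a1b3c5d7e9f1a3b5c7d9", "Names": ["/oracleiv"],
     "Image": "attacker/oracleiv_latest:latest", "State": "running"},
])

if __name__ == "__main__":
    print("open listeners:", unauthenticated_tcp_listeners(EXPOSED_DAEMON_JSON))
    print("after hardening:", unauthenticated_tcp_listeners(HARDENED_DAEMON_JSON))
    for hit in suspicious_containers(SAMPLE_CONTAINERS):
        print("flagged container:", hit)
```

On a real host, feed `unauthenticated_tcp_listeners` the parsed contents of /etc/docker/daemon.json (and check `dockerd -H` flags in the unit file, which this helper does not read) and `suspicious_containers` the body of `curl --unix-socket /var/run/docker.sock http://localhost/containers/json?all=1`. The image-name match is only an indicator for this one campaign; the durable fix is the hardened configuration shown, or no TCP listener at all.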

Submitted by Gregory Rigby on

"Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide"

Since emerging in at least September 2022, the Royal ransomware gang has targeted at least 350 organizations worldwide, with ransom demands exceeding $275 million. According to the US cybersecurity agency CISA and the FBI, the cybercriminals may be preparing to rebrand their operation. In March 2023, CISA and the FBI issued an alert on the Royal ransomware operation, urging organizations to implement security best practices to protect their environments against Royal and other ransomware attacks.

Submitted by Adam Ekwall on

"In a First, Cryptographic Keys Protecting SSH Connections Stolen in New Attack"

Researchers have demonstrated for the first time that many of the RSA keys used to authenticate SSH servers can be fully recovered when a naturally occurring computational error corrupts a signature the server produces while establishing a connection. They used their findings to calculate the private portion of about 200 unique SSH keys they observed in public Internet scans carried out over the past seven years. The researchers believe that keys used in IPsec connections may face the same fate. This article continues to discuss the new attack.
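The mechanism behind the headline, as an added example in Python (not the researchers' code): RSA signing with the Chinese Remainder Theorem computes the signature in two halves, and if one half is corrupted, the public key alone splits the modulus. The classic form shown here (Lenstra's observation, gcd of s^e - m and N) assumes the observer knows the signed value m; the paper's contribution is a lattice method that removes that assumption for SSH, where m depends on the session secret, and this block does not implement that part. The toy key uses two Mersenne primes, far too small for real use, and the signed value is constructed.

```python
"""Key recovery from one faulty RSA-CRT signature, plus the self-check that prevents it."""
from hashlib import sha256
from math import gcd

# Constructed toy key: p = 2^61 - 1 and q = 2^89 - 1 are prime; N is ~150 bits, never use such a key.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed "message": the integer an SSH server would sign is the exchange hash; any m < N works here.
M = int.from_bytes(sha256(b"constructed SSH exchange hash").digest()[:16], "big")


def crt_sign(m: int, p: int, q: int, d: int, fault: bool = False) -> int:
    """RSA-CRT signing: two half-size exponentiations recombined with Garner's formula.

    With fault=True one bit of the mod-p half is flipped, simulating the kind of computational
    error the researchers exploited; the mod-q half stays correct.
    """
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault:
        sp ^= 1
    q_inv = pow(q, -1, p)
    h = (q_inv * (sp - sq)) % p
    return sq + h * q


def recover_factor(m: int, faulty_sig: int, e: int, n: int) -> int:
    """If only the mod-p half was wrong, sig^e == m holds mod q but not mod p,
    so gcd(sig^e - m, n) is exactly q and the private key follows from p = n // q."""
    return gcd(pow(faulty_sig, e, n) - m, n)


def recover_private_exponent(m: int, faulty_sig: int, e: int, n: int) -> int:
    """Turn the recovered factor into the private exponent d."""
    f = recover_factor(m, faulty_sig, e, n)
    if f in (1, n):
        raise ValueError("signature does not leak a factor")
    return pow(e, -1, (f - 1) * (n // f - 1))


def sign_with_check(m: int, p: int, q: int, d: int, e: int, fault: bool = False) -> int:
    """Countermeasure: verify the fresh signature with the public key before releasing it,
    so a corrupted signature never leaves the host (OpenSSH and OpenSSL do this)."""
    sig = crt_sign(m, p, q, d, fault)
    if pow(sig, e, p * q) != m:
        raise RuntimeError("signature failed self-check; refusing to emit it")
    return sig


if __name__ == "__main__":
    good = crt_sign(M, P, Q, D)
    assert pow(good, E, N) == M
    bad = crt_sign(M, P, Q, D, fault=True)
    print("faulty signature verifies:", pow(bad, E, N) == M)
    print("recovered q == Q:", recover_factor(M, bad, E, N) == Q)
    print("recovered d == D:", recover_private_exponent(M, bad, E, N) == D)
```

A single bad signature is enough: the attacker needs no interaction with the server, only a passive capture of the handshake, which is why the researchers could mine old scan data. Implementations that verify before emitting, or that use RSA blinding and fault-hardened arithmetic, do not leak; the affected devices in the paper lacked such checks.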

Submitted by Gregory Rigby on

"Gone Phishing: Hackers Leverage Automation to Launch MFA Attacks and SEO Poisoning"

With new automation tools, cybercriminals can exploit users in many new ways, but two stand out as particularly concerning this year: Multi-Factor Authentication (MFA) attacks and Search Engine Optimization (SEO) poisoning. MFA has long been a critical component of business security, and most companies now require it to make it harder for adversaries to gain access to and take over accounts. However, cybercriminals are building MFA bypasses into their phishing attacks, either intercepting the generated codes in real time or sidestepping the second factor altogether.

Submitted by Gregory Rigby on

"AI Can Help Agencies Enhance Their Cyber Defense, Study Finds"

According to a recent survey of federal agencies' defensive cyber operations, Artificial Intelligence (AI) tools can help the government better identify and defend against a range of cyber threats. The report, recently released by General Dynamics Information Technology (GDIT), found that many federal officials were overwhelmed with data and were concerned about human oversight and about the impact of staffing shortages on existing cyber risks, problems the report says AI could help address.

Submitted by Gregory Rigby on

"Major Canadian Fintech Moneris Claimed by Medusa Ransomware"

Moneris, a payment processing company with clients including Starbucks and IKEA, has been listed on the Medusa ransomware gang's dark web blog. The post includes several samples of the data allegedly stolen in the attack, with screenshots of email conversations, transaction data, and other sensitive information. According to the post, the attackers demand $6 million from the company in exchange for the stolen data. However, paying does not guarantee that the data is safe; cybercriminals sometimes take the money and publish it anyway.

Submitted by Gregory Rigby on

AI Virtual Cybersecurity Summit

"Don't wait for a breach to happen, take action and safeguard your digital assets now! This is your chance to stay ahead of potential attacks by learning about the latest cybersecurity threats, trends, and solutions at the AI/Virtual Cybersecurity Conference. Hear from cybersecurity experts and leaders, and connect with other cybersecurity professionals from the region while gaining an edge against nefarious cybersecurity threat actors."

"Infostealers and the High Value of Stolen Data"

Trend Micro researchers built a risk matrix by comparing the 16 most active infostealer malware variants across Russian Market and 2easy.shop, two dark web marketplaces. It estimates how "at risk" a piece of stolen data is once it is in a cybercriminal's possession. Cryptocurrency wallets and website credentials tied for first place because they are among the most monetizable types of data and the easiest to find on underground sites. Other categories, such as Wi-Fi credentials and desktop screenshots, put victims at less risk because they are harder to sell and abuse.

Submitted by Gregory Rigby on

"North Korea-Linked APT Sapphire Sleet Targets IT Job Seekers With Bogus Skills Assessment Portals"

Sapphire Sleet, also known as APT38, BlueNoroff, CageyChameleon, and CryptoCore, is a subgroup of the Lazarus Advanced Persistent Threat (APT) group that has targeted cryptocurrency exchanges, venture capital firms, and banks. Microsoft researchers are warning of a new social engineering campaign in which the group targets Information Technology (IT) job seekers with fake skills assessment portals. Sapphire Sleet has previously been observed approaching targets on platforms such as LinkedIn and using skills-assessment lures.

Submitted by Gregory Rigby on