"Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide"

A new malware named "Vo1d" has infected about 1.3 million Android-based TV boxes running outdated operating systems and owned by users in 197 countries. The antivirus vendor Doctor Web described it as a backdoor that hides its components in the system storage area and, when commanded by attackers, secretly downloads and installs third-party software. Most infections are in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia.

Submitted by Gregory Rigby on

"Lazarus Group Targets Developers in Fresh VMConnect Campaign"

According to ReversingLabs, "Lazarus Group" is continuing its "VMConnect" campaign by distributing new malicious software packages to developers via open source repositories. The North Korean group masqueraded as Capital One employees and used fake job interviews to trick developers into downloading the malware. The malware installs malicious downloaders on developer systems that can fetch second- and third-stage malware, such as backdoors and infostealers. This article continues to discuss findings regarding the continued VMConnect campaign.

Submitted by Gregory Rigby on

"Iranian Hackers Targeting Iraqi Government: Security Firm"

According to researchers at Check Point, hackers suspected of operating on behalf of the Iranian government have been targeting Iraqi government networks. Iran has been discovered to be conducting cyber espionage operations against various Iraqi entities, including the government. The attacks use custom malware and infrastructure designed for specific targets, with links to known threat actors previously associated with Iran's Ministry of Intelligence and Security (MOIS).

Submitted by Gregory Rigby on

"Open Source Updates Have 75% Chance of Breaking Apps"

According to Endor Labs, about 95 percent of version upgrades of open source software include at least one breaking change that causes other components to fail. Patches have a 75 percent chance of causing a break. The problem of breaking changes is exacerbated by the finding that a quarter of vulnerable components require a major version update. This article continues to discuss key findings from Endor Labs' "Dependency Management Report."

Submitted by Gregory Rigby on

"Fortinet Confirms Data Breach After Hacker Claims to Steal 440GB of Files"

Cybersecurity giant Fortinet has recently confirmed it suffered a data breach after a threat actor claimed to have stolen 440GB of files from the company's Microsoft SharePoint server. Fortinet is one of the largest cybersecurity companies in the world. Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure SharePoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download.

Submitted by Adam Ekwall on

"Gallup Cross-Site Scripting Error Could Have Led to Data Theft"

Checkmarx reports that Gallup fixed two Cross-Site Scripting (XSS) errors on its website that could have resulted in data theft and account takeovers. Gallup is known for its public opinion polls, including polls regarding US politics and elections. An attacker could have exploited the XSS flaws to trick victims into clicking links from the legitimate Gallup website that led to data extraction or session hijacking. This article continues to discuss the Gallup XSS errors and the impact these flaws could have had.

Submitted by Gregory Rigby on

"GitLab Warns of Critical Pipeline Execution Vulnerability"

GitLab has released critical updates for multiple vulnerabilities, one of which enables an attacker to trigger pipelines as arbitrary users under certain conditions. In GitLab's Continuous Integration/Continuous Delivery (CI/CD) system, pipelines are automated workflows used to build, test, and deploy code. They automate repetitive tasks and ensure that codebase changes are tested and deployed consistently. The critical vulnerability can allow an attacker to execute environment stop actions as the owner of the stop action job.

Submitted by Gregory Rigby on

"Evasion Tactics Used By Cybercriminals To Fly Under The Radar"

Etay Maor, Chief Security Strategist and founding member of Cyber Threats Research Lab (CTRL) at Cato Networks, highlights some of the top tactics used by cybercriminals to evade traditional security measures. One example of an evasion tactic is the use of crypting-as-a-service providers on the dark web that offer crypting and code obfuscation services. These services repackage known malware so that it carries a different signature set. Because traditional anti-virus filters are signature-based, they cannot detect the tampered malware, since it has a new signature.

Submitted by Gregory Rigby on

"Business Email Compromise Costs $55bn Over a Decade"

Because cybercrime has made threat actors tens of billions of dollars over the past decade, the Federal Bureau of Investigation (FBI) has warned organizations to be on the lookout for Business Email Compromise (BEC) attempts. The FBI's Internet Crime Complaint Center (IC3) reported in a recent notice that over 305,000 BEC incidents cost US and global organizations nearly $55.5 billion between October 2013 and December 2023. This article continues to discuss the rising costs of BEC attacks and advice on how to mitigate BEC risk.

Submitted by Gregory Rigby on

"TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested"

Transport for London (TfL) has recently confirmed that some customer data was breached following a cyberattack on its systems. The information accessed by the attackers includes names, email addresses, home addresses, and Oyster refund data, encompassing bank account numbers and sort codes for around 5000 customers. The National Crime Agency (NCA) revealed it had arrested a 17-year-old male in Walsall, West Midlands, on suspicion of Computer Misuse Act offenses in relation to the TfL cyberattack.

Submitted by Adam Ekwall on