According to researchers at Check Point, hackers suspected of operating on behalf of the Iranian government have been targeting Iraqi government networks. Iran has been discovered to be conducting cyber espionage operations against various Iraqi entities, including the government. The attacks use custom malware and infrastructure designed for specific targets, with links to known threat actors previously associated with Iran's Ministry of Intelligence and Security (MOIS).

According to Endor Labs, about 95 percent of version upgrades of open source software include at least one breaking change that causes other components to fail. Patches have a 75 percent chance of causing a break. The problem of breaking changes is exacerbated by the finding that a quarter of vulnerable components require a major version update. This article continues to discuss key findings from Endor Labs' "Dependency Management Report."

Cybersecurity giant Fortinet has recently confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server.  Fortinet is one of the largest cybersecurity companies in the world.  Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance.  The threat actor then shared credentials to an alleged S3 bucket, where the stolen data is stored for other threat actors to download.

Checkmarx reports that Gallup fixed two Cross-Site Scripting (XSS) errors on its website that could have resulted in data theft and account takeovers. Gallup is known for its public opinion polls, including polls regarding US politics and elections. An attacker could have exploited the XSS flaws to trick victims into clicking links from the legitimate Gallup website that led to data extraction or session hijacking. This article continues to discuss the Gallup XSS errors and the impact these flaws could have had.  

GitLab has released critical updates for multiple vulnerabilities, one of which enables an attacker to trigger pipelines as arbitrary users under certain conditions. As part of GitLab's Continuous Integration/Continuous Delivery (CI/CD) system, the pipelines are automated workflows used in the building, testing, and deployment of code. They automate repetitive tasks and ensure codebase changes are tested and deployed consistently. The critical vulnerability can allow an attacker to execute environment stop actions as the owner of the stop action job.

Etay Maor, Chief Security Strategist and founding member of Cyber Threats Research Lab (CTRL) at Cato Networks, highlights some of the top tactics used by cybercriminals to evade traditional security measures. One example of an evasion tactic is the use of crypting-as-a-service providers on the dark web that offer cryptic and code obfuscation services. They involve reconfiguring known malware with a different signature set. As traditional anti-virus filters are signature-based, they cannot detect the tampered malware because it has a new signature.

Since cybercrime has made threat actors tens of billions of dollars over the past decade, the Federal Bureau of Investigation (FBI) has warned organizations to be on the lookout for Business Email Compromise (BEC) attempts. The FBI's Internet Crime Complaint Center (IC3) reported in a recent notice that over 305,000 BEC incidents cost US and global organizations nearly $55.5 billion between October 2013 and December 2023. This article continues to discuss the rising costs of BEC attacks and advice on how to mitigate BEC risk.

Transport for London (TfL) has recently confirmed that some customer data has been breached following a cyberattack on its systems.  The information accessed by the attackers includes names, email addresses, home addresses, and Oyster refund data, encompassing bank account numbers and sort codes for around 5000 customers.  The National Crime Agency (NCA) revealed it had arrested a 17-year-old male in Walsall, West Midlands, on suspicion of Computer Misuse Act offenses in relation to the TfL cyberattack.

According to security researchers at Sophos, schools, colleges, and universities face growing costs from ransomware attacks.  In a new study the researchers found that 44% of schools across 14 nations surveyed faced a ransom demand of $5m or more.  In higher education, 32% faced demands of between $1m and $5m, and 35% over $5m.  The researchers found that schools paid the highest median ransoms at $6.6m.  The researchers noted that the number of ransomware attacks against the education sector actually fell in 2024 compared with 2023.

Cisco recently announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs.  The most severe of the flaws is CVE-2024-20398 (CVSS score of 8.8), an insufficient validation of user arguments that IOS XR passes to specific CLI commands.  Cisco noted that an attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt.  A successful exploit could allow the attacker to elevate privileges to root.