"Telegram Zero-Day Enabled Malware Delivery"

ESET warns that Telegram for Android was exploited to distribute malware disguised as videos. The cybersecurity company identified the vulnerability after finding an advertisement for a zero-day exploit targeting Telegram for Android on a cybercrime forum. The exploit is believed to have been developed using the Telegram Application Programming Interface (API), which enables developers to programmatically upload crafted multimedia files to Telegram chats or channels.

Submitted by grigby1 CPVI on

"FrostyGoop ICS Malware Left Ukrainian City's Residents Without Heating"

In January 2024, the Industrial Control System (ICS) malware "FrostyGoop" disrupted systems at a municipal district energy company in the Ukrainian city of Lviv. The attacked facility provides central heating to 600 apartment buildings, so residents were left without heat. This article continues to discuss findings regarding the FrostyGoop ICS malware.

SecurityWeek reports "FrostyGoop ICS Malware Left Ukrainian City's Residents Without Heating"

Submitted by grigby1 CPVI on

"Microsoft Says 8.5 Million Windows Devices Impacted by CrowdStrike Incident, Publishes Recovery Tool"

According to Microsoft, CrowdStrike's faulty software update, which caused massive Information Technology (IT) outages worldwide, affected 8.5 million Windows devices. Microsoft has released a USB tool to help IT administrators repair Windows clients and servers impacted by the CrowdStrike Falcon agent issue. This article continues to discuss the number of Windows devices impacted by the faulty software update from CrowdStrike and the tool published by Microsoft to help administrators through the recovery process.

Submitted by grigby1 CPVI on

"CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams"

After the cybersecurity company CrowdStrike pushed a routine sensor configuration update that caused a logic error and a Blue Screen of Death (BSOD) on Windows systems, many organizations worldwide were disrupted. The CrowdStrike incident is now being used for phishing, scams, and malware delivery. As with other major global events, threat actors, especially financially motivated groups, have leveraged the chaos associated with the pursuit of information and solutions.

Submitted by grigby1 CPVI on

"SwRI Evaluates Cybersecurity Risks Associated With EV Fast-Charging Equipment"

Southwest Research Institute (SwRI) engineers have identified cybersecurity vulnerabilities with Electric Vehicles (EVs) using direct current fast-charging systems. The technology uses Power Line Communication (PLC) to transmit smart-grid data between vehicles and charging equipment. SwRI exploited PLC layer vulnerabilities to gain access to network keys and digital addresses on the charger and the vehicle.

Submitted by grigby1 CPVI on

"Life Sciences Sector Turns to AI to Bridge Cybersecurity Skills Gap"

A new survey by Code42 found that 73 percent of life sciences companies are using Artificial Intelligence (AI) to fill the cybersecurity skills gap. According to Code42, the life sciences sector is at the forefront of AI use, with AI tools allowing cybersecurity teams to automate detection and response as well as free up resources for strategic tasks. However, AI use has drawbacks, as 86 percent of cybersecurity leaders say it puts their company at risk of data exfiltration.

Submitted by grigby1 CPVI on

"Safety Equipment Giant Cadre Holdings Hit by Cyberattack"

Florida-based safety equipment giant Cadre Holdings recently disclosed a cyberattack that has impacted some of the company’s operations.  The company provides safety and survivability products for first responders, federal agencies, outdoor recreation, and personal protection in over 100 countries.  Its products include body armor, bomb squad equipment, duty gear, and nuclear safety solutions.

Submitted by Adam Ekwall on

"Prolific DDoS Marketplace Shut Down by UK Law Enforcement"

UK law enforcement agencies recently infiltrated and took down DigitalStress, the world's most prolific underground marketplace offering distributed denial of service (DDoS) services. The National Crime Agency (NCA) said that it had taken over and disabled DigitalStress on July 2 in collaboration with the Police Service of Northern Ireland (PSNI). The NCA noted that DigitalStress was a marketplace offering DDoS-for-hire or "booter" services. These services allow users to create accounts and order DDoS attacks within minutes.

Submitted by Adam Ekwall on

"UK Arrests Suspected Scattered Spider Hacker Linked to MGM Attack"

UK police have recently arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and of being a member of the Scattered Spider hacking collective. Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the National Crime Agency, in coordination with the United States Federal Bureau of Investigation (FBI), to make the arrest. The authorities have seized the suspect's digital devices, which will be investigated for further evidence.

Submitted by Adam Ekwall on