Microsoft is experimenting with a new security mitigation to combat the rise in cyberattacks involving the exploitation of vulnerabilities in the Windows Common Log File System (CLFS). The software maker will add a new verification step to CLFS logfile parsing to cover an attack surface attractive to Advanced Persistent Threats (APTs) and ransomware attackers.

Last month, a North Korean intelligence threat actor exploited two novel vulnerabilities to steal from the cryptocurrency industry and fund the Kim Jong Un regime. Microsoft has revealed that an Advanced Persistent Threat (APT) within Bureau 121 of North Korea's Reconnaissance General Bureau, tracked as "Citrine Sleet," chained together previously unknown flaws in Windows and Chromium browsers. They also used a rootkit to gain deep system access before stealing from targets. This article continues to discuss findings regarding the Citrine Sleet APT.

YubiKey security keys can be cloned through a side-channel attack involving the exploitation of a vulnerability in a third-party cryptographic library. The attack called "Eucleak" was demonstrated by NinjaLab. Yubico, the company behind YubiKey, has released a security advisory in response to this discovery. YubiKey hardware authentication devices allow users to securely access their accounts using FIDO authentication. The Eucleak attack exploits a vulnerability in an Infineon cryptographic library used by YubiKey and other vendors' products.

Threat actors are using MacroPack, a tool designed for red team exercises, to deploy malware. Cisco Talos researchers discovered several related Microsoft documents uploaded to VirusTotal between May and July 2024. All of them were created by a version of a payload generator framework, MacroPack. A variety of actors and countries, including China, Pakistan, Russia, and the US, uploaded the documents.

The White House has released a roadmap to address Internet routing security issues, specifically Border Gateway Protocol (BGP) vulnerabilities. The BGP protocol is used in the exchange of routing information between Autonomous Systems (AS) on the Internet, but this critical component was not designed with security in mind. Potentially serious vulnerabilities have been discovered in the past years that can allow threat actors to redirect internet traffic. They can lead to disruptions to critical infrastructure, the theft of sensitive information, and more.

In a new update, US oil service giant Halliburton confirmed corporate data was stolen from its computer systems during an August ransomware cyberattack.  The company noted that it is evaluating the nature and scope of the information.  The company’s acknowledgment of data loss comes just days after the US government pinned the blame for the cyberattack on a known ransomware gang called RansomHub. Halliburton employs about 55,000 through hundreds of subsidiaries, affiliates, and brands in more than 70 countries.

Zyxel recently announced patches for multiple vulnerabilities in its networking devices, including a critical severity flaw affecting multiple access points (AP) and security router models.  The critical bug tracked as CVE-2024-7261 (CVSS score of 9.8) is described as an OS command injection issue that could be exploited by remote, unauthenticated attackers via crafted cookies.  The company has released security updates to address the bug in 28 AP products and one security router model.

According to a new study led by the University of Minnesota School of Public Health, although ransomware attacks are more likely in urban areas, operational disruptions may have a greater impact on financially vulnerable rural hospitals and their patients. Patients at rural hospitals are often older, with more health issues and pre-existing barriers to healthcare. Researchers analyzed data on the operations of 43 rural hospitals and 117 urban hospitals that have been hit by ransomware attacks between 2016 and 2021.

The Federal Bureau of Investigation (FBI) warns of North Korean hacking groups performing sophisticated social engineering attacks against cryptocurrency companies and their employees to launch malware aimed at stealing cryptocurrency assets. The FBI says their social engineering tactics are targeted and hard to detect. The North Korean threat actors have been researching potential targets, with a focus on individuals linked to cryptocurrency Exchange-Traded Funds (ETFs) and other related financial products.

According to the annual "LexisNexis Risk Solutions Cybercrime Report," one in four password reset attempts from desktop browsers are fraud. The fraud attempts are part of the rise in password reset attacks. Researchers discovered that fraudsters attempt 70,000 password reset attacks in the UK per week to take over online accounts. Media streaming, e-commerce, and mobile accounts are the most targeted. This article continues to discuss key findings regarding password reset attacks.