"Oil Giant Halliburton Confirms Cyber Incident, Details Scarce"

US oil giant Halliburton recently confirmed its computer systems were hit by a cyberattack that continues to affect operations at its Houston, Texas, offices. Halliburton, considered the world’s second largest oil service company, has engaged external experts to investigate and mitigate the threat. The company noted that the investigation into the incident is still ongoing, and more information will be provided in the future. Halliburton employs about 55,000 people through hundreds of subsidiaries, affiliates, and brands in more than 70 countries.

Submitted by Adam Ekwall on

"GenAI Models Are Easily Compromised"

Lakera reports that 95 percent of cybersecurity experts have low confidence in Generative Artificial Intelligence (GenAI) security. In addition, red team data suggests that anyone can easily hack GenAI models. Anyone can use GenAI-specific prompt attacks to manipulate the models, gain unauthorized access, steal confidential data, and more. This article continues to discuss key findings from Lakera's "2024 GenAI Security Readiness Report."

Help Net Security reports "GenAI Models Are Easily Compromised"

Submitted by Gregory Rigby on

2024 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)

"This conference aims to provide a forum for researchers and practitioners from academia, industry, government institutions, and regulators with background in communications, energy, control, signal processing, analytics and information systems to exchange ideas, explore enabling technologies and share experiences related to smart grids."

Topics of interest include, but are not limited to, security and privacy.

"NSA Joins Allies in Releasing Best Practices for Event Logging"

The National Security Agency (NSA), together with the Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) and international co-authors, has released a Cybersecurity Information Sheet (CSI) titled "Best Practices for Event Logging and Threat Detection." The new CSI aims to help protect against malicious actors using Living off the Land (LOTL) techniques. It delves into best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices, and Operational Technology (OT) networks.

Submitted by Gregory Rigby on

"Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data"

Researchers at Tenable have exploited a vulnerability in Microsoft's Copilot Studio tool to make external HTTP requests that could access sensitive information on internal services within a cloud environment, potentially affecting multiple tenants. The researchers found and exploited a Server-Side Request Forgery (SSRF) vulnerability in the chatbot creation tool. The exploitation of this flaw allowed them to access Microsoft's internal infrastructure, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances.

Submitted by Gregory Rigby on

"China-Linked 'Velvet Ant' Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches"

"Velvet Ant," a skilled China-linked espionage group, has compromised edge devices and network appliances to improve stealth and persistence. On July 1, 2024, Cisco detailed a Command Line Interface (CLI) command injection vulnerability impacting NX-OS software used by its Nexus switches. On the same day, Sygnia announced its discovery of this vulnerability exploited by the threat group it tracked as Velvet Ant. Sygnia has now released more information on Velvet Ant's tactics, techniques, and procedures (TTPs).

Submitted by Gregory Rigby on

"Novel Android Malware Steals Card NFC Data For ATM Withdrawals"

A new Android malware phishes card details and sends them to an attacker for ATM withdrawals. According to researchers at ESET, the crimeware campaign has targeted customers at three Czech banks. After a multi-stage phishing campaign, the victim unknowingly downloads "NGate" malware. After it is installed and opened, NGate displays a fake website that requests the victim's banking information and sends it to the attacker's server. The feature named "NFCGate" relays Near Field Communication (NFC) data between victim and attacker devices.

Submitted by Gregory Rigby on

"Cthulhu Stealer Malware Targets macOS With Deceptive Tactics"

"Cthulhu Stealer," a recently discovered malware, has been targeting macOS users, posing another significant cybersecurity threat to Apple's operating system. Cado Security has identified the tool as a Malware-as-a-Service (MaaS) that disguises itself as legitimate software using Apple disk images (DMG). The Cthulhu Stealer mainly steals sensitive information from its victims, such as credentials and cryptocurrency wallets. This article continues to discuss findings regarding Cthulhu Stealer.

Submitted by Gregory Rigby on

"Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware"

Over two years after the Log4j zero-day caused global chaos, organizations still face exploits that push cryptocurrency miners and malicious backdoor scripts. Researchers at Datadog Security Labs have found that cybercriminals are still using "Log4Shell" exploits to avoid detection and plant malware scripts on unpatched corporate systems. This article continues to discuss the continued impact of the Log4Shell vulnerability.

Submitted by Gregory Rigby on