"US, Allies Publish Guidance on Securing Network Access"

Government agencies in the US, New Zealand, and Canada have released new guidance, titled "Modern Approaches to Network Access Security," for organizations to use stronger security solutions and improve network activity visibility. The document delves into modern security solutions that organizations can use beyond Virtual Private Networks (VPNs) to ensure secure access to hybrid environments.

Submitted by grigby1 CPVI on

"Quishing Campaign Targets Chinese Citizens via Fake Official Documents"

According to new research by Cyble Research and Intelligence Labs (CRIL), a QR code-based phishing campaign has targeted individuals in China, tricking victims by using QR codes in fake official documents. As part of the campaign, Microsoft Word files are disguised as official documents from the Chinese Ministry of Human Resources and Social Security. CRIL security researchers believe the files were distributed via spam email attachments. This article continues to discuss the QR code-based phishing campaign targeting individuals in China.

Submitted by grigby1 CPVI on

"CISA Warns of PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch"

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control System (ICS) advisory informing organizations of a high-severity vulnerability discovered in an outdated industrial switch made by the Israel-based networking equipment manufacturer RAD Data Communications. The agency recently found a publicly available Proof-of-Concept (PoC) exploit aimed at a path traversal vulnerability in RAD's SecFlow-2 ruggedized switch/router, which is intended for harsh industrial environments.

Submitted by grigby1 CPVI on

"Massachusetts 911 Outage Caused by Errant Firewall"

It has recently been announced that a statewide outage of the 911 emergency response system in Massachusetts this week was caused by an errant firewall that prevented calls from getting to the 911 dispatch centers. The Massachusetts Executive Office of Public Safety and Security described the two-hour outage on Tuesday as a “technical issue” with its 911 vendor Comtech that was the result of a firewall installed to provide protection against cyberattacks and hacking.

Submitted by Adam Ekwall on

"Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition"

Google recently announced a Chrome 126 update that contains six security fixes, four of which address high-severity vulnerabilities reported by external researchers. The first externally reported bug addressed with this update, CVE-2024-6100, is a high-severity type confusion issue in the V8 JavaScript engine. The second issue addressed is CVE-2024-6101, which was described as an inappropriate implementation in WebAssembly.

Submitted by Adam Ekwall on

"Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks"

Amtrak is starting to notify some customers that their Guest Rewards Accounts have been hacked. According to Amtrak, no Amtrak systems were compromised in the attacks, as credential stuffing was employed. During credential stuffing attacks, threat actors leverage username and password combinations obtained from other data breaches, malware infections, or phishing, in an attempt to gain access to accounts that use the same login credentials. Amtrak noted that they believe the unauthorized party may have obtained login credentials from third-party sources.

Submitted by Adam Ekwall on

"Cybersecurity Burnout Costing Firms $700m+ Annually"

According to security researchers at Hack The Box, British and US enterprises may be throwing away as much as $756m each year through lost productivity due to burned-out cybersecurity staff. The researchers claimed UK employers may be losing a combined $130m annually, while their US counterparts could be down by as much as $626m due to lost productivity. The research pointed the blame squarely at employee burnout.

Submitted by Adam Ekwall on

"Protecting Software Secrets in Medical Systems"

A team of researchers investigated 36 Digital Square global goods, including open source apps, software development kits, desktop apps, and web apps used in the health sector. Eighty-three percent of them were found to contain passwords, private keys, authentication tokens, and other secrets that could be exposed. The research group, including Upanzi Network researchers Theoneste Byagutangaza and Junias Bonou and Carnegie Mellon University (CMU)-Africa student Emmanuel Hirwa, wants software developers to design products with cybersecurity in mind.

Submitted by grigby1 CPVI on

"Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer"

Threat actors are using free or pirated versions of commercial software as lures to deliver "Hijack Loader," which deploys "Vidar Stealer," an information stealer. According to Trellix security researcher Ale Houspanossian, attackers tricked users into downloading password-protected archive files with trojanized copies of the Cisco Webex Meetings app. When victims extracted and executed a Setup.exe binary file, the Cisco Webex Meetings app secretly installed a malware loader. This loader leads to the launch of an information-stealing module.

Submitted by grigby1 CPVI on

"Scattered Spider Pivots to SaaS Application Attacks"

Recent attacks on customer accounts hosted by the Snowflake data warehousing platform suggest that threat actors are shifting to targeting Software-as-a-Service (SaaS) application environments. Mandiant recently released a report on another large threat actor who has started targeting enterprise data in SaaS applications, expanding its usual focus on Microsoft cloud environments and on-premises infrastructure.

Submitted by grigby1 CPVI on