Check Point Research warns that over 20,000 Ubiquiti devices are exposed on the Internet, revealing informational data, including their platform names, configured IP addresses, and more, due to a five-year-old bug. In January 2019, broadband Internet expert Jim Troutman warned that an exposed port in dozens of Ubiquiti Internet of Things (IoT) devices was being used for Denial-of-Service (DoS) attacks. The vulnerability received a "high" score of 7.5 on the CVSS scale. Months later, Rapid7 researchers still found about 500,000 vulnerable devices.

The Ransomware-as-a-Service (RaaS) operator "Hunters International" is using a new Remote Access Trojan (RAT) named "SharpRhino." According to researchers at Quorum Cyber, the malware is delivered through a typosquatting domain impersonating the legitimate tool "Angry IP Scanner." Information Technology (IT) professionals are more likely to be the ones downloading and using the IP address and port scanner. This article continues to discuss findings regarding the Hunters International gang targeting IT workers with the SharpRhino RAT.

According to South Korea's National Cyber Security Center (NCSC), Democratic People's Republic of Korea (DPRK) state-sponsored hackers have exploited vulnerabilities in a Virtual Private Network's (VPN) software update to install malware and infiltrate networks. The two threat groups said to be involved in this activity are "Kimsuky" and Andariel, both state-sponsored actors previously linked to the "Lazarus Group." This article continues to discuss North Korean hackers' exploitation of flaws in a VPN's software update to deploy malware and breach networks.

In the first half of 2024, 22,254 Common Vulnerabilities and Exposures (CVEs) were reported, up 30 percent from last year. According to Qualys' "2024 Midyear Threat Landscape Review" just 0.91 percent of the reported CVEs were weaponized. While only 204 of the reported CVEs have been weaponized, they represent critical risks often exploited by threat actors in ransomware attacks and other cyberattacks. This article continues to discuss key findings from Qualys' 2024 Midyear Threat Landscape Review.

The cloud computing company Amazon Web Services (AWS) uses a massive neural network graph model with 3.5 billion nodes and 48 billion edges to quickly detect malicious domains crawling its infrastructure. The "Mithra" system applies algorithms for threat intelligence and provides AWS with a reputation-scoring system to identify malicious domains. In a note about Mithra, the technology giant said it detects about 182,000 new malicious domains daily. This article continues to discuss the Mithra neural network used by AWS to predict and block malicious domains.

In an update, Electronics manufacturing services firm Keytronic revealed that a recent ransomware attack resulted in additional expenses and lost revenue totaling more than $17 million.  The company revealed the costs associated with the incident in a preliminary financial report for the fourth quarter of fiscal 2024.  The company said that due to this event, the company incurred approximately $2.3 million in additional expenses and believed that it lost roughly $15 million in revenue during the fourth quarter.

The "Chameleon" malware has returned with a new campaign against an international restaurant chain, with a focus on the European and Canadian regions. According to analysts at Threat Fabric, the device takeover trojan is now disguised as a restaurant Customer Relationship Management (CRM) app, targeting hospitality employees as well as potential Business-to-Consumer (B2C) company employees. This article continues to discuss the history of the Chameleon malware and its new campaign attacking restaurants in Canada and Europe.

INTERPOL's "global stop-payment mechanism" helped recover millions of dollars in funds defrauded in a large Business Email Compromise (BEC) scam. The move follows a mid-July 2024 BEC scam at a Singapore commodity company. BEC attacks are a type of cybercrime that can be carried out in a variety of ways, such as gaining unauthorized access to a finance employee's or law firm's email account and sending fake invoices, or impersonating a third-party vendor and sending a fake bill. This article continues to discuss INTERPOL's recent recovery of funds defrauded in a BEC scam.

Pharmaceutical company Cencora recently confirmed in an update on July 31 that sensitive personal and health data was exfiltrated during a cyberattack in February 2024.  The company noted that most of the information impacted was maintained by a subsidiary company that provides patient support services.  The company did not state the number of people affected by the breach or name the subsidiary firm.  The company noted that there is currently no evidence that the attackers have published or misused the data.

The Grand Palais' IT director observed unusual activity on the museum's systems on the night of August 3-4 and discovered that it was due to a ransomware attack targeting systems used to "centralize financial data" for approximately 40 museums in France, including the Grand Palais.  The IT director notified the French cybersecurity agency (ANSSI).  Many of the affected museums say the attackers have encrypted parts of their systems, requested a ransom in cryptocurrency, and threatened to leak data if the victim had not paid within 48 hours.