"RansomHub Extortion Gang Linked to Now-Defunct Knight Ransomware"

Security researchers at Symantec have started analyzing the relatively new RansomHub ransomware-as-a-service operation and believe it has evolved from the now-defunct Knight ransomware project. Knight ransomware launched in late July 2023 as a rebrand of the Cyclops operation and began breaching Windows, macOS, and Linux/ESXi machines to steal data and demand a ransom.

Submitted by Adam Ekwall on

"Chinese Threat Clusters Triple-Team High-Profile Asia Government Org"

A trio of Chinese state-aligned threat clusters, tracked collectively as "Operation Crimson Palace," stole military and political secrets from a government organization in Southeast Asia. Sophos reported on the operation's sophistication and coordination, which involved new malware tools, more than 15 Dynamic Link Library (DLL) sideloading methods, and novel evasion techniques. This article continues to discuss findings regarding Operation Crimson Palace.

Submitted by grigby1 CPVI on

"New Techniques Emerge to Stop Audio Deepfakes"

Audio deepfakes are becoming more dangerous, which prompted the US Federal Trade Commission (FTC) to launch its Voice Cloning Challenge. Academic and industry contestants had to develop ideas to prevent, monitor, and evaluate malicious voice cloning. Three teams approached the problem differently, showing that audio deepfakes pose complex and evolving harms that require a multipronged, multidisciplinary approach. Voice cloning also has legitimate benefits, such as Artificial Intelligence (AI)-generated synthetic voices for people with speech impairments.

Submitted by grigby1 CPVI on

"FBI Warns of Rise in Work-From-Home Scams"

The Federal Bureau of Investigation (FBI) has warned about an increase in work-from-home scams. The advisory states that scammers call or message potential victims while posing as reputable businesses or recruiting agencies. Scammers often require victims to pay cryptocurrency to a supposed employer in order to access additional earnings or unlock their work. Although a fake interface shows accumulated income, victims cannot withdraw it. Warning signs include demands for cryptocurrency payments, overly simple job descriptions, and a hiring process that requires no references.

Submitted by grigby1 CPVI on

"Ransomware Gang Leaks Data From Australian Mining Company"

Northern Minerals, an Australian rare-earth metals producer, reported a data breach after a ransomware group released data stolen from the company. The announcement followed the BianLian ransomware gang's release of Northern Minerals' operational, human resources, management, project, and email data on its Tor-based leak site. The cybergang claims to have stolen project and mining research data, financial data, shareholder and investor data, employee personal data, and corporate email archives.

Submitted by grigby1 CPVI on

"NsaRescueAngel Backdoor Account Again Discovered in Zyxel Products"

Taiwan-based networking device manufacturer Zyxel recently announced three critical-severity vulnerabilities in two discontinued NAS products that could lead to command injection and arbitrary code execution. The first two flaws, tracked as CVE-2024-29972 and CVE-2024-29973, are command injection bugs that can be exploited without authentication via crafted HTTP POST requests. Another unauthenticated issue, CVE-2024-29974, could allow attackers to execute arbitrary code by uploading crafted configuration files.

Submitted by Adam Ekwall on

"225,000 More Cybersecurity Workers Needed in US: CyberSeek"

According to security researchers at CyberSeek, more than 200,000 additional cybersecurity workers are needed in the United States to close the talent gap. Currently, there are more than 1.2 million cybersecurity workers in the United States.

Submitted by Adam Ekwall on

"This Hacker Tool Extracts All the Data Collected by Windows' New Recall AI"

Windows Recall, which takes screenshots of a user's activity every five seconds and saves them on the device, is easy to abuse, according to cybersecurity researchers. One ethical hacker has created a tool called "TotalRecall" to extract the data collected by Windows' new Recall Artificial Intelligence (AI) feature. Since Microsoft announced Recall in mid-May, security researchers have compared it to spyware or stalkerware that tracks everything a user does on their device. The TotalRecall tool can pull all the information Recall saves into its main database on a Windows laptop.

Submitted by grigby1 CPVI on

"Russian Power Companies, IT Firms, and Government Agencies Hit by Decoy Dog Trojan"

Russian organizations have been targeted in cyberattacks that deliver a Windows variant of the "Decoy Dog" malware. The activity cluster, tracked by Positive Technologies as "Operation Lahat," is attributed to "HellHounds," an Advanced Persistent Threat (APT) group. The HellHounds group compromises organizations and gains access to their networks while remaining undetected for years. This article continues to discuss the targeting of Russian organizations with Decoy Dog malware.

Submitted by grigby1 CPVI on

"Ransomware Group Claims Cyberattack on Frontier Communications"

The RansomHub ransomware group recently claimed responsibility for the April 2024 cyberattack on telecommunications giant Frontier Communications. In an April filing with the Securities and Exchange Commission (SEC), Frontier revealed that the intrusion was identified on April 14 and resulted in certain systems being shut down to contain the attack. The ransomware group claims to have stolen information, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and credit scores, belonging to more than two million Frontier customers.

Submitted by Adam Ekwall on