CrowdStrike warns of a fake recovery manual that installs a new information-stealing malware called "Daolpu." Threat actors have been taking advantage of the chaos surrounding the buggy CrowdStrike Falcon update that caused global Information Technology (IT) outages. A new campaign involves phishing emails appearing to carry instructions for using a new recovery tool that fixes Windows devices affected by the recent CrowdStrike Falcon crashes. This article continues to discuss findings regarding the fake CrowdStrike recovery manual that installs Daolpu.

Karel Dhondt and Victor Le Pochat, researchers at KU Leuven, found that many dating apps may leak users' sensitive data and exact locations. They analyzed 15 location-based dating apps to determine what user data a malicious actor could steal. All 15 apps leaked sensitive user data that attackers could abuse. This article continues to discuss findings regarding the privacy and security of the analyzed dating apps.

Trend Micro reports that the "Play" ransomware group now has a Linux variant targeting VMWare ESXi environments. The Play ransomware, discovered in June 2022, is known for its sophisticated double-extortion tactics, custom tools, and significant impact on organizations, especially in Latin America. As Trend Micro reported last week, this is the first instance of Play ransomware targeting ESXi environments. This article continues to discuss the expansion of the Play ransomware to ESXi environments.

Symantec found that the Chinese espionage group "Daggerfly," also known as "Evasive Panda" and "Bronze Highland," has updated its malware toolkit to target most major operating systems. Recent developments show that the group is using a shared framework to target Windows, Linux, macOS, and Android OS. Researchers saw the group using new malware in recent attacks on organizations in Taiwan and a US NGO based in China. This article continues to discuss findings regarding the Daggerfly group.

ESET warns that Telegram for Android was exploited to distribute malware disguised as videos. The cybersecurity company identified the vulnerability after finding an advertisement for a zero-day exploit targeting Telegram for Android on a cybercrime forum. The exploit is believed to have been developed using the Telegram Application Programming Interface (API), enabling developers to upload crafted multimedia files to Telegram chats or channels programmatically.

In January 2024, the Industrial Control System (ICS) malware "FrostyGoop" disrupted systems at a municipal district energy company in the Ukrainian city of Lvivy. The attacked facility provides central heating to 600 apartment buildings, so residents were left without heat. This article continues to discuss findings regarding the FrostyGoop ICS malware.

SecurityWeek reports "FrostyGoop ICS Malware Left Ukrainian City's Residents Without Heating"

According to Microsoft, CrowdStrike's faulty software update, which caused massive Information Technology (IT) outages worldwide, affected 8.5 million Windows devices. Microsoft has released a USB tool to help IT administrators repair Windows clients and servers impacted by the CrowdStrike Falcon agent issue. This article continues to discuss the number of Windows devices impacted by the faulty software update from CrowdStrike and the tool published by Microsoft to help administrators through the recovery process.

After the cybersecurity company CrowdStrike pushed a routine sensor configuration update that caused a logic error and a Blue Screen of Death (BSOD) on Windows systems, many organizations worldwide were disrupted. The CrowdStrike incident is now being used for phishing, scams, and malware delivery. As with other major global events, threat actors, especially financially motivated groups, have leveraged the chaos associated with the pursuit of information and solutions.

Southwest Research Institute (SwRI) engineers have identified cybersecurity vulnerabilities with Electric Vehicles (EVs) using direct current fast-charging systems. The technology uses Power Line Communication (PLC) to transmit smart-grid data between vehicles and charging equipment. SwRI exploited PLC layer vulnerabilities to gain access to network keys and digital addresses on the charger and the vehicle.

A new survey by Code42 found that 73 percent of life sciences companies are using Artificial Intelligence (AI) to fill the cybersecurity skills gap. According to Code42, the life sciences sector is at the forefront of AI use, with AI tools allowing cybersecurity teams to automate detection and response as well as free up resources for strategic tasks. However, AI use has drawbacks, as 86 percent of cybersecurity leaders say it puts their company at risk of data exfiltration.