Over the past year, "UNC4393," a threat group that infects targets with the "Basta" ransomware, has changed how it gains initial access to victims. The threat group previously relied on existing "Qakbot" infections, delivered through phishing attacks, for initial access. After US law enforcement took down Qakbot infrastructure last year, the threat group shortly used "DarkGate" malware as an initial access loader before switching to the "SilentNight" backdoor this year. According to Mandiant researchers, malvertising has driven this year's SilentNight surge.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement (PSA) titled "Just So You Know: DDoS Attacks Could Hinder Access to Election Information, Would Not Prevent Voting." The publication, released as part of their PSA series for the 2024 election cycle, warns that Distributed Denial-of-Service (DDoS) attacks on election infrastructure or adjacent infrastructure supporting election operations could interfere with public access to election information but would not affect the security

There has been a rise in state-sponsored cyberattacks on the shipping industry. According to NHL Stenden University of Applied Sciences research recently cited by the Financial Times, the shipping industry faced at least 64 cyber incidents in 2023. Over 80 percent of the incidents logged since 2001 involving a known attacker stemmed from Russia, China, North Korea, or Iran. This article continues to discuss the spike in cyberattacks faced by the shipping sector.

According to Zscaler ThreatLabz, a Fortune 50 company paid a record $75 million ransom to the "Dark Angels" ransomware group. Previously, the largest known ransom payment was $40 million by the insurance company CNA after an "Evil Corp" ransomware attack. Zscaler ThreatLabz did not reveal which Fortune 50 company paid the $75 million ransom, but it was confirmed that the attack occurred in early 2024. Dark Angels began targeting companies worldwide with ransomware in May 2022.

Researchers have discovered two vulnerabilities that could allow threat actors to abuse hosted email services in order to spoof the sender's identity and evade protections. The identified vulnerabilities impact millions of domains. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns that authenticated attackers can spoof the identity of a shared, hosted domain and use network authorization to spoof the email sender. The flaws stem from the failure of many hosted email services in properly verifying trust between the authenticated sender and their allowed domains.

A malicious package named "zlibxjson version 8.2," has been discovered in the PyPI repository. The package was detected by Fortinet's Artificial Intelligence (AI)-powered OSS malware detection system on July 3, 2024, closely following its release on June 29, 2024. The package downloaded multiple files, including a PyInstaller-packed executable (.exe) that revealed several Python and DLL files when unpacked. This article continues to discuss findings regarding the new malicious PyPI package.

The North Korea-linked "DEV#POPPER" malware campaign targeting software developers has expanded its focus on Windows, Linux, and macOS systems with new malware and tactics. The campaign targeted victims in South Korea, North America, Europe, and the Middle East. Securonix researchers called this attack an advanced form of social engineering that manipulates people into disclosing confidential information or performing actions they would not usually take. This article continues to discuss findings regarding the ongoing DEV#POPPER malware campaign.

"SMS Stealer" is a novel malware with more than 107,000 samples that has been targeting Android devices for over two years. It steals SMS messages to obtain One-Time Passwords (OTPs) and other sensitive user data. According to researchers at Zimperium zLabs, SMS Stealer spreads through dynamically changing mobile apps distributed via Telegram messages or ads for legitimate apps. This article continues to discuss findings regarding the SMS Stealer malware.  

Metomic reports that healthcare organizations continue to expose their most sensitive data, putting their business and patients at risk. Twenty-five percent of healthcare organizations' publicly shared files contain Personally Identifiable Information (PII). PII was found in 68 percent of externally shared private files and 77 percent of private files shared internally. Publicly shared files with sensitive data pose the biggest risk for healthcare organizations and highlight the need for data security.

According to researchers at the University of the Republic of Uruguay, hackers can apply Artificial Intelligence (AI) to spy on a user's display by capturing leaked electromagnetic radiation from a PC's HDMI cable. Hackers can carry out the attacks using various methods, such as placing an antenna outside a building to intercept signals from the HDMI cable. Once they have successfully intercepted the data, hackers can take additional steps to gain access to users' sensitive data.