"MHTML Exploited By APT Group Void Banshee"

Researchers have found a critical Remote Code Execution (RCE) vulnerability in the MHTML protocol handler, which the Advanced Persistent Threat (APT) group "Void Banshee" exploited. The APT group exploited the flaw in a sophisticated attack chain to steal sensitive data and achieve financial gain. This article continues to discuss findings regarding the exploitation of a critical RCE flaw within the MHTML protocol handler by the Void Banshee APT group.

Submitted by Gregory Rigby on

"Hackers Exploit Flaw in Squarespace Migration to Hijack Domains"

Hackers have compromised multiple domain names registered with Squarespace, leaving several cryptocurrency platforms scrambling to regain control of their Domain Name System (DNS) records. The recent attacks impacted domains transferred to Squarespace after the domain registrar acquired domain registrations and customers from Google Domains in 2023. This article continues to discuss the exploitation of a flaw to hijack cryptocurrency domains migrated from Google Domains to Squarespace.

Submitted by Gregory Rigby on

"Organizations Warned of Exploited GeoServer Vulnerability"

The US cybersecurity agency CISA recently urged federal agencies to patch a critical-severity vulnerability in GeoServer as soon as possible, warning of evidence of active exploitation. The bug is tracked as CVE-2024-36401 (CVSS score of 9.8) and is described as the unsafe evaluation of property names as XPath expressions, which could allow unauthenticated attackers to execute code remotely through crafted input against a default GeoServer installation.

Submitted by Adam Ekwall on

"Hacktivists Claim Leak Over 1 Terabyte of Disney Data"

A hacktivist group recently claimed to have stolen and leaked over a terabyte of data from Disney's internal Slack channels. The 1.1 terabytes of data include a complete dump of 10,000 channels that encompasses files, messages, unreleased projects, raw images, and code. The group also claims to have stolen some logins, links to internal API/web pages, and more. Disney has confirmed to the BBC that it is now investigating the hack. The attacker, NullBulge, claims to be a hacktivist group protecting artists' rights and ensuring fair compensation for their work.

Submitted by Adam Ekwall on

New Security Paradigms Workshop (NSPW 2024)

Submitted by Amy Karns on

The New Security Paradigms Workshop (NSPW) is an annual, small invitation-only workshop for researchers in information security and related disciplines. NSPW's focus is on work that challenges the dominant approaches and perspectives in computer security. In the past, such challenges have taken the form of critiques of existing practice as well as novel, sometimes controversial, and often immature approaches to defending computer systems.

33rd USENIX Security Symposium

Submitted by Amy Karns on

The 33rd USENIX Security Symposium will take place on August 14–16, 2024, at the Philadelphia Marriott Downtown in Philadelphia, PA, USA. The USENIX Security Symposium brings together researchers, practitioners, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks.

"3 API Security Risks and Recommendations for Mitigation"

Reconnaissance is one of the most time-consuming parts of network attack planning for adversaries. Because Application Programming Interfaces (APIs) are exposed to the public, attackers spend less time finding attack vectors into the network behind an API, making APIs an easier target for breaches. Poorly designed APIs can increase a network's attack surface and cause serious security issues. Since microservice architectures are increasingly replacing monolithic software architectures, APIs are more common than ever.

Submitted by Gregory Rigby on

"New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection"

Researchers have discovered a new ransomware strain called "HardBit" that uses new obfuscation methods to avoid analysis. Cybereason researchers found that HardBit ransomware 4.0 added passphrase protection: the passphrase must be provided at runtime for the ransomware to execute properly. HardBit, which emerged in October 2022, is a financially motivated ransomware group that uses double extortion to generate illicit revenue. This article continues to discuss findings regarding the HardBit ransomware.

Submitted by Gregory Rigby on

"NSA's Final Zero Trust Pillar Report Outlines How to Achieve Faster Threat Response Time"

The National Security Agency (NSA) has released a new Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar" to help organizations detect cyber threats and respond to threats more quickly. This report is the NSA's final CSI in a series pertaining to the seven pillars of the US Department of Defense (DoD) Zero Trust (ZT) framework.

Submitted by Gregory Rigby on

"Attackers Exploit URL Protections to Disguise Phishing Links"

Barracuda researchers found cybercriminals using URL protection services to hide phishing links. The company observed phishing campaigns using three URL protection services to mask phishing URLs and send victims to credential-stealing websites. Researchers estimate these campaigns have targeted hundreds of companies. URL protection services are meant to prevent users from visiting malicious websites via phishing links. This article continues to discuss cybercriminals' abuse of legitimate URL protection services.

Submitted by Gregory Rigby on