A County in Indiana has recently filed a disaster declaration following a ransomware attack on local government networks, which has prevented the administration of critical services.  Clay County made the declaration after confirming the incident, which resulted in an inability to operate Clay County Courthouse and Clay County Probation/Community Corrections facilities.  No group has so far been identified as being behind the attack, which was first detected on July 9.

AT&T recently announced that almost all its wireless subscribers were exposed in a massive hack that occurred between April 14 and April 25, 2024, where a hacker exfiltrated files containing “records of customer call and text interactions” between approximately May 1 and October 31, 2022, as well as on January 2, 2023.

A new end-to-end phishing toolkit called "FishXProxy" makes it easier for cybercriminals to launch and manage malicious email attacks that bypass security. SlashNext Security researchers discovered that FishXProxy, marketed as "The Ultimate Powerful Phishing Toolkit" on underground cybercriminal forums, has advanced features and integration with the Cloudflare Content Delivery Network (CDN).

Symantec reports that in the first quarter of 2024, successful ransomware attacks advertised on leak sites increased 9 percent despite high-profile law enforcement takedowns of major groups. The security vendor reported 962 claimed attacks in the first quarter of 2024, down from 1,190 in the previous three months but up from 886 in 2023. In December 2023 and February 2024, global law enforcement went after the "ALPHV/BlackCat" and "LockBit" groups. This article continues to discuss the increase in ransomware despite law enforcement disruptions.

GitLab has made security updates that address six vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical-severity bug. The bug tracked as CVE-2024-6385, with a CVSS score of 9.6, allows an attacker to trigger a pipeline as another user. Contrast Security CISO David Lindner warns that the exploitation of the bug could enable attackers to run malicious code, access sensitive data, and compromise software integrity.

Dallas County is notifying over 200,000 people that the Play ransomware attack in October 2023 exposed their personal data to cybercriminals.  In October 2023, the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on its systems, including private documents from various departments.  It was taking a long time for Dallas to finish their investigation into the incident, so it created a dedicated call center in January 2024 to help answer people's questions.

Advance Auto Parts started to send data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks.  The company said that on June 5, 2024, a threat actor known as "Sp1d3r" began selling a massive 3TB database allegedly containing 380 million Advance Auto Parts customer records, orders, transaction details, and other sensitive information.  On June 19, the company confirmed the breach via a Form 8-K filing but said it only impacts current and former employees and job applicants.

According to researchers at Sysdig, the new threat actor called "CRYSTALRAY" now has over 1,500 victims. The threat actor has stolen credentials and deployed cryptocurrency miners. In February, Sysdig researchers first reported the actor's use of the "SSH-Snake" open source worm to spread laterally on breached networks. SSH-Snake steals SSH private keys from compromised servers and then uses them to move laterally to other servers while dropping additional payloads. This article continues to discuss recent findings regarding the CRYSTALRAY threat actor.

A recently disclosed PHP security flaw has been used to deliver Remote Access Trojans (RATs), cryptocurrency miners, and Distributed Denial-of-Service (DDoS) botnets. The vulnerability, tracked as CVE-2024-4577, with a CVSS score of 9.8, enables an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. According to Akamai researchers, attackers can escape the command line and pass arguments to be interpreted directly by PHP, through the exploitation of the vulnerability.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint alert about the exploitation of OS command injection vulnerabilities in network edge devices. In response to recent intrusions exploiting vulnerabilities that impact Cisco NX-OS, Palo Alto Networks PAN-OS, and Ivanti Connect Secure, business leaders and device manufacturers are urged to eliminate OS command injection vulnerabilities at the source.