Europol coordinated a joint law enforcement effort called "Operation Morpheus," which took down nearly 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. Fortra released Cobalt Strike over a decade ago as a legitimate commercial penetration testing tool for red teams to scan network infrastructure for security vulnerabilities. However, threat actors have used cracked copies of the software, making it a popular data theft and ransomware attack tool. This article continues to discuss to discuss the takedown of Cobalt Strike servers used by cybercriminals.

Thousands of people with accounts on darknet websites used to share Child Sexual Abuse Material (CSAM) could be exposed using information stolen by cybercriminals. Recorded Future researchers were able to identify these individuals using credentials harvested by infostealer malware. This type of malware is typically used to steal log-in credentials for banking services. This article continues to discuss the unmasking of darknet child abuse website users through infostealer malware.

Security researchers at Comparitech have discovered that the average extortion demand per ransomware attack was over $5.2m in the first half of 2024.  The most significant ransom demand during the first half of 2024 was a $100m ransom following an attack on India’s Regional Cancer Center (RCC) in April 2024.  The second highest confirmed ransom demand was issued to UK pathology provider Synnovis, with attackers demanding $50m.

Researchers at the University of California, San Diego found that modern Intel processors, including chips from the Raptor Lake and Alder Lake generations, are vulnerable to a new high-precision Branch Target Injection (BTI) attack called "Indirector." The attack could be used to steal information from CPUs. Vulnerabilities in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), two hardware components in modern Intel CPUs, could be exploited by the Indirector attack to manipulate speculative execution for data extraction.

EVA Information Security, a red teaming company, has disclosed details about three vulnerabilities in the CocoaPods dependency manager that affect millions of macOS and iOS applications. CocoaPods is an open source dependency manager for Swift and Objective-C Cocoa projects that has over 100,000 libraries and is used by about three million applications across the Apple ecosystem.

Ticketmaster recently confirmed that hackers accessed customers' personal information.  Ticketmaster started sending notices to customers last week.  Ticketmaster says an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider between April 2 and May 18.  A hacking group called ShinyHunters claimed to have stolen 1.3TB of data from Ticketmaster.    The breach involved customers who purchased tickets with the company in North America.

Fintech companies Wise and Affirm recently revealed that the recent data breach suffered by Evolve Bank impacted some of their customers.  The LockBit ransomware group recently threatened to leak data allegedly stolen from the US Federal Reserve.  The cybercriminals did leak data on June 26, but it turned out that the files actually originated from an Arkansas-based financial organization, Evolve Bank & Trust.

The Australian Federal Police (AFP) has recently arrested a 42-year-old Australian resident who allegedly established a network of fake free Wi-Fi access points in airports.  Dubbed "evil twin" Wi-Fi devices, the AFP noted that the access points were installed at multiple locations and mimicked legitimate networks to capture personal data from unsuspecting victims who mistakenly connected to them.

Life insurance company Landmark Admin is starting to notify individuals about a data breach impacting personal, medical, and insurance information.  Landmark Admin says it detected the incident on May 13 and found evidence that the attackers accessed specific files containing information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account numbers, tax identification numbers, medical information, health insurance policy numbers, and life and annuity policy information.

Infosys McCamish Systems recently announced that a cyberattack impacted more than six million customers last year.  The incident, which was first reported in February, was traced back to November 2023.  During the investigation, it was determined that unauthorized activity occurred between October 29, 2023, and November 2, 2023.