Publicly available Proof-of-Concept (PoC) exploit code for a vulnerability in Microsoft's Remote Registry client can be used to take over a Windows domain by downgrading the security of the authentication process. The vulnerability stems from a fallback mechanism in the Windows Registry (WinReg) client implementation that relies on old transport protocols if the Server Message Block (SMB) transport is absent.

According to Teleport, Artificial Intelligence (AI) impersonation has become the most difficult vector for cybersecurity professionals to protect companies against. Based on the study, which surveyed 250 senior US and UK decision-makers, social engineering remains one of the most common tactics used by cybercriminals to install malware and steal sensitive data, with advances in AI and deepfakes increasing the effectiveness of phishing scams.

Palo Alto Networks' Unit 42 researchers have revealed a new adversarial technique they call "Deceptive Delight" that can jailbreak Large Language Models (LLMs) during an interactive conversation by sneaking in a malicious instruction between harmless ones. The simple yet effective method achieves an average 64.6 percent Attack Success Rate (ASR) in three interaction turns. This article continues to discuss observations regarding the Deceptive Delight multi-turn technique.

Anti-malware vendor Avast recently published a free decryption tool to help victims to recover from the Mallox ransomware attacks.  Mallox ransomware was fisrt observed in 2021, and is also known as Fargo, TargetCompany, and Tohnichi.  Mallox has been operating under the ransomware-as-a-service (RaaS) business model and is known for targeting Microsoft SQL servers for initial compromise.

According to a new report by Microsoft, ransomware attacks on the healthcare sector are rising and putting lives at risk.  The researchers, during their study, found that there has been a 300% increase in ransomware attacks on the healthcare sector since 2015, and there has been an increase in stroke and cardiac arrest cases at hospitals receiving patients from nearby facilities paralyzed by such attacks. Microsoft noted that healthcare is one of the top 10 most targeted sectors, and the average payment from a survey of healthcare organizations was $4.4 million.

According to a new study by researchers at Fortinet, nearly 70% of business leaders believe their employees lack critical cybersecurity knowledge, a sharp increase from 56% in 2023.  The researchers also found that AI-driven cyberattacks are becoming more difficult for employees to detect.  Over 60% of survey respondents expect a rise in employees falling victim to AI-enhanced attacks. However, 80% of those surveyed said that increased awareness of these AI-augmented threats has prompted organizations to embrace security awareness and training programs.

The United States Department of Justice and the cybersecurity agency CISA have started seeking comments on a proposed rule for protecting the personal data of Americans against foreign adversaries.  The goal is to prevent data brokers, which are companies that collect and aggregate information and then sell it or share it, from providing bulk data collected on American citizens, as well as government-related data, to countries of concern, such as China, Cuba, Iran, North Korea, Russia, or Venezuela.

Researchers at SentinelOne have observed a new macOS malware family dubbed "NotLockBit" that poses as "LockBit" ransomware. NotLockBit, which is written in the Go programming language, targets both Windows and macOS systems. According to SentinelOne, the malware is distributed as an x86_64 binary, suggesting that it only works on Intel and Apple silicon macOS devices running the Rosetta emulation software. This article continues to discuss findings regarding the NotLockBit ransomware.

The Sysdig Threat Research Team (TRT) has reported that cloud-based cyberattacks increased significantly in 2024 as threat actors used new methods to exploit cloud resources. In addition to LLMjacking, which targeted Large Language Models (LLMs), attackers weaponized open source tools and increased automation in 2024, causing financial damage and expanding the attack surface for cloud-hosted enterprises. This article continues to discuss the rise in the performance and abuse of LLMjacking and open source tools in cloud attacks.

The "Alphv/BlackCat" ransomware gang appears to have resurfaced as "Cicada3301," which is written in the Rust programming language. It has many similarities to BlackCat, claiming over 30 victims since June 2024, primarily in the healthcare, hospitality, manufacturing/industrial, and retail industries of North America and the UK. This article continues to discuss findings regarding the Cicada3301 ransomware.

SecurityWeek reports "BlackCat Ransomware Successor Cicada3301 Emerges"