"University of Arkansas Leads Collaborative Effort to Enhance Cybersecurity in Solar Inverters"

The University of Arkansas is leading a collaborative effort with several universities, laboratories, and industry partners to strengthen solar inverter cybersecurity as part of a US Department of Energy (DOE) project. Solar inverters convert the Direct Current (DC) generated by solar panels into Alternating Current (AC) for households and the energy grid. However, as the solar energy landscape evolves, so do cybersecurity threats. This article continues to discuss the project aimed at bolstering the cybersecurity measures of solar inverters.

Submitted by Gregory Rigby on

"UK NHS Call for O-Type Blood Donations Following Ransomware Attack on London Hospitals"

A ransomware attack on the pathology and diagnostic services provider Synnovis, which disrupted operations at several London healthcare organizations, has prompted the UK National Health Service (NHS) to issue an urgent call for O-type blood donations. The attack forced affected hospitals to cancel some procedures and redirect patients. The Qilin ransomware gang is believed to have been behind the attack. This article continues to discuss the UK NHS issuing an urgent call for O-type blood donations following the recent ransomware attack that hit several London hospitals.

Submitted by Gregory Rigby on

"Phishing Attacks Targeting US and European Organizations Double"

Abnormal Security found that hacking groups still prefer phishing. In its latest report, "Email Security Threats in Europe: Insights into Attack Trends," the email security provider discovered that phishing attacks targeting organizations in Europe rose 112.4 percent between April 2023 and April 2024. The US saw a 91.5 percent increase. Business Email Compromise (BEC) is rising, with BEC attacks faced by US businesses increasing by 72.2 percent and by 123.8 percent for European businesses. This article continues to discuss key findings from Abnormal Security on email security threats.

Submitted by Gregory Rigby on

"BlackBerry Cylance Data Offered for Sale on Dark Web"

BlackBerry is investigating a dark web sale of Cylance data, but the company says the data appears old and not from its systems. Last week, Dark Web Informer reported that a threat actor wants $750,000 for data allegedly belonging to customers, partners, and employees of BlackBerry's Cylance cybersecurity unit. The cybercriminals claim to have 34 million customer and employee emails. They also claim to have Personally Identifiable Information (PII), sales prospects, and user and partner lists. This article continues to discuss the Cylance data being offered for sale on the dark web.

Submitted by Gregory Rigby on

"SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver"

Enterprise software maker SAP recently released ten new and two updated security notes as part of its June 2024 Security Patch Day. The latest patches include two high-priority security notes, the most severe of which addresses a cross-site scripting (XSS) bug in Financial Consolidation. The first high-priority security note addresses two XSS flaws in SAP's product, collectively tracked as CVE-2024-37177 (CVSS score of 8.1).

Submitted by Adam Ekwall on

"VSCode Extensions With Malicious Code Installed 229M Times"

According to a group of researchers, Microsoft's Visual Studio Code (VSCode) extensions marketplace has malicious uploads and poor security. In May, the team conducted an experiment in which they hacked over 100 organizations with a typosquatted version of a popular VSCode extension. During their study of the marketplace, they found many security design flaws implemented by Microsoft that allow threat actors to gain credibility and access. This article continues to discuss findings from the group's research on Microsoft's VSCode extensions marketplace.

Submitted by Gregory Rigby on

"Threat Actor Breaches Snowflake Customers, Victims Extorted"

According to Mandiant, a cyber threat actor is suspected of stealing a large amount of customer data from the data warehousing platform Snowflake. UNC5537, a financially motivated threat actor, is advertising the stolen data on cybercrime forums and trying to extort many victims. About 165 organizations that use Snowflake have been notified that they may have been exposed. The threat actor is said to be compromising Snowflake customer instances using stolen credentials. This article continues to discuss UNC5537's targeting of Snowflake customer instances for data theft and extortion.

Submitted by Gregory Rigby on

"China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics"

Researchers have discovered a new campaign spreading an updated version of the "ValleyRAT" malware. According to Zscaler ThreatLabz, the latest version includes screenshot capturing, process filtering, Windows event log clearing, and more. In 2023, QiAnXin and Proofpoint documented ValleyRAT's use in a phishing campaign targeting Chinese-speaking users and Japanese organizations that distributed "Purple Fox" and "Sainbox RAT," a variant of the "Gh0st" Remote Access Trojan (RAT). This article continues to discuss findings regarding the China-linked ValleyRAT malware.

Submitted by Gregory Rigby on

"TellYouThePass Ransomware Exploits Recent PHP RCE Flaw to Breach Servers"

The "TellYouThePass" ransomware group has been using PHP's recently patched Remote Code Execution (RCE) vulnerability to deliver web shells and execute the encryptor payload. Attacks began on June 8, less than 48 hours after PHP's maintainers released security updates, using publicly available exploit code. The TellYouThePass group is quick to adopt public exploits for highly impactful vulnerabilities. Last November, the gang used an Apache ActiveMQ RCE in attacks, and in December 2021, they adopted the Log4j exploit.

Submitted by Gregory Rigby on