Researchers have discovered a sophisticated cyberattack targeting Microsoft Windows systems in Ukraine. According to a new FortiGuard Labs advisory, the attack involves an Excel file embedded with a VBA macro to deploy a malicious DLL file, leading to the delivery of the "Cobalt Strike" payload. This malware strategy enables attackers to communicate with a Command-and-Control (C2) server and use evasion techniques to deploy the payload. This article continues to discuss findings regarding the multi-stage malware targeting Windows users in Ukraine.

The "Have I Been Pwned" (HIBP) data breach notification service now includes 361 million more email addresses stolen in credential stuffing attacks involving password-stealing malware, and data breaches. Cybersecurity researchers gathered these credentials from Telegram cybercrime channels, which leak stolen data to users to gain reputation and subscribers. This article continues to discuss the addition of millions of stolen email addresses to the HIBP data breach notification service.

Due to the recent exploitation of an old Oracle WebLogic flaw by China-based hackers to deploy cryptocurrency miners, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog. The Oracle WebLogic Server vulnerability enables unauthenticated attackers to access or modify critical data and execute OS commands. Attackers can perform Remote Code Execution via specially crafted HTTP requests. This article continues to discuss the CISA's addition of an old Oracle WebLogic flaw, tracked as CVE-2017-3506, to its KEV catalog.

Google recently started rolling out the June 2024 set of monthly security updates for Android, with patches for 37 vulnerabilities, including multiple high-severity elevation of privilege bugs.  The first part of this month's security update, which arrives on devices as the "2024-06-01 security patch level", resolves 19 flaws in the Framework and System components.  Google noted that the most severe of these issues is a high-severity vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.

Telecoms giant Cox Communications recently announced that it patched a series of vulnerabilities that could have allowed hackers to remotely control millions of modems their customers used.  A security researcher, Sam Curry, discovered the vulnerabilities and responsibly reported them to Cox in early March.  Curry found an API for which authorization could be bypassed, potentially enabling an unauthenticated attacker to gain the same privileges as Cox’s tech support team.

A system developed by a team of researchers from Japan, China, and Finland could protect image privacy by using generative Artificial Intelligence (AI). Their system replaces parts of images that pose a threat to confidentiality with visually similar but AI-generated alternatives. During testing, 60 percent of viewers could not spot altered images. The researchers hope this system will make image censoring more visually cohesive, preserving image narrative while protecting privacy. This article continues to discuss the work on generative content replacement in image privacy protection.

In 2023, global ransomware attacks rose significantly, and they are expected to continue. Cyberattacks affect all types of businesses, but the healthcare industry is especially vulnerable. Phishing attacks are the biggest cyber threat to healthcare organizations, but ransomware is rising. Based on data from ransomware leak sites, nearly 200 ransomware attacks in 2023 impacted the healthcare sector. Threat actors know that ransomware in healthcare organizations can disrupt patient care because Protected Health Information (PHI) is highly valuable. These factors may increase ransom payments.

According to security researchers, a data breach faced by the cloud storage company Snowflake resulted in the theft of large amounts of information from Ticketmaster and other organizations. A hacking group recently claimed to have stolen Ticketmaster user data, impacting about 560 million users, and demanded $500,000. Live Nation Entertainment, a Ticketmaster parent company, reported unauthorized access to "a third-party cloud database environment" containing data from the ticket sales platform.

The Artificial Intelligence (AI) platform Hugging Face revealed that its Spaces platform was hacked, exposing member authentication secrets. Hugging Face Spaces lets community members demo AI apps created and submitted by users. Hugging Face says they revoked authentication tokens in compromised secrets and notified affected users via email. However, they recommend that all Hugging Face Spaces users refresh their tokens and switch to fine-grained access tokens to better control AI model access.

According to security researchers at Mandiant, ransomware activity increased in 2023 compared to 2022 despite law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat.  During the study, the researchers observed a 75% increase in posts on ransomware groups’ data leak sites (DLS) in 2023 compared to 2022.  In total, victims on DLS spanned more than 110 countries.  During 2023, ALPHV/BlackCat and LockBit were the most frequently observed ransomware groups.  The researchers also discovered that 2023 saw more than 50 new ransomware variants.