Netcraft warns that compromised email accounts are being used by threat actors to send phishing emails with links to PDF files hosted on Autodesk Drive. Attackers have used compromised email accounts to send phishing emails to existing contacts, even including the victim's signature footer. To add legitimacy, the attackers have included a shortened link to a malicious PDF hosted on Autodesk Drive in the message body, along with the sender's and company's names.

Coalition reports that 56 percent of 2023 claims were for Funds Transfer Fraud (FTF) or Business Email Compromise (BEC), emphasizing the importance of email security in cyber risk management. The 2024 Cyber Claims Report highlights claims data from January 1 to December 31, 2023. The report also identified an increased risk for organizations that use boundary devices such as firewalls and Virtual Private Networks (VPNs). Although these tools can help to reduce cyber risk, using certain boundary devices may increase the likelihood of a cyber claim if they are vulnerable.

Cloud-based pinyin keyboard apps' security vulnerabilities could expose users' keystrokes to malicious actors. Citizen Lab found vulnerabilities in eight of nine apps from Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. Huawei's keyboard app was the only one without security issues. Researchers said the vulnerabilities could expose the contents of users' keystrokes in transit.

ThreatFabric researchers have discovered "Brokewell," an Android banking Trojan capable of capturing every event on the compromised device, including touches, information displayed, text input, and applications launched. The malware is delivered via a fake Google Chrome update that is displayed while browsing. Brokewell malware, which is said to be under active development, provides device takeover and remote control capabilities. This article continues to discuss observations and findings regarding the new Brokewell malware. 

"DragonForce," a new ransomware strain, uses a leaked LockBit builder. The cybercriminal group used a ransomware binary based on a leaked LockBit Black builder, according to Cyble. Cyble reported its findings after examining DragonForce's activity for months. LockBit Black is the third LockBit ransomware version. A disgruntled developer leaked it six months after its March 2022 release. After that, LockBit admins launched LockBit Green, which was later revealed to be a rebranded version of a Conti encryptor.

Palo Alto Networks recently shared remediation instructions for organizations whose firewalls have been hacked through the exploitation of the vulnerability tracked as CVE-2024-3400. The company noted that customers who detect unsuccessful exploitation attempts are advised to update to the latest PAN-OS hotfix. The same must be done by organizations that find evidence of someone testing their firewall to see if it's vulnerable, this typically involves creating an empty file on the firewall, but no unauthorized commands are executed.

According to security researchers at PatchStack, hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. Currently installed on more than 30,000 websites, WP Automatic lets administrators automate content importing (e.g. text, images, video) from various online sources and publishing on their WordPress site. The exploited vulnerability is identified as as CVE-2024-27956 and received a severity score of 9.9/10.

The US government has recently taken down Samourai Wallet, a cryptocurrency mixing service that executed over $2bn in unlawful transactions and laundered over $100m in criminal proceeds. The Department of Justice (DoJ) recently announced that Samourai's web servers and domain were seized following a law enforcement operation in collaboration with Iceland's authorities. Additionally, the illegal cryptocurrency service's Android app has been removed from the Google Play Store in the US.

Proof-of-Concept (PoC) exploit code has been released for a severe security vulnerability in Progress Flowmon, a tool used to monitor network performance and support visibility. Progress Flowmon features performance tracking, diagnostics, and more. It is used by over 1,500 companies worldwide, including SEGA, KIA, TDK, Volkswagen, Orange, and Tietoevry. The security issue, discovered by researchers at Rhino Security Labs and tracked as CVE-2024-2389, has a maximum severity score of 10.

Researchers at the University of Illinois Urbana-Champaign discovered that feeding public security advisories to a GPT-4 Artificial Intelligence (AI) agent allows it to exploit unpatched "real-world" vulnerabilities even without precise technical information. The researchers fed AI agents descriptions of over a dozen disclosed but unpatched vulnerabilities (also called "one-day" flaws), including two "critical" bugs.