According to Mandiant's 15th annual M-Trends 2024 report, global median dwell time, or the average amount of time attackers remain undetected on a target's network after gaining unauthorized access, has reached the lowest point in over a decade. The shorter median dwell time is one of several findings suggesting that organizations have significantly improved their defensive capabilities for detecting malicious activity. Shorter dwell times were found to be driven by a higher proportion of ransomware incidents in 2023, indicating that ransomware is more detectable.

The LockBit ransomware gang has recently leaked 1Gb of data allegedly stolen from the District of Columbia’s Department of Insurance, Securities and Banking (DISB). LockBit claims to be in possession of 800 GB of data pertaining to DISB, the US Securities and Exchange Commission (SEC), Delaware banking institutions, and other financial entities and threatens to release it unless DISB pays a ransom.

Ning Zhang, an assistant professor of computer science and engineering at Washington University in St. Louis, was among three winners of the US Federal Trade Commission's (FTC) Voice Cloning Challenge. "DeFake," Zhang's winning project, uses watermarking for voice recordings. The tool adds carefully crafted distortions that are imperceptible to the human ear to recordings, which makes cloning more difficult by removing usable voice samples. DeFake involves applying adversarial Artificial Intelligence (AI).

Microsoft warns that the Russian threat group "APT28" uses "GooseEgg," a previously unknown hacking tool, to exploit a Windows Print Spooler vulnerability. Through this exploitation, they escalate privileges as well as steal credentials and data. APT28 created this tool to target the vulnerability, tracked as CVE-2022-38028 and reported by the US National Security Agency (NSA.) Redmond fixed the flaw during the Microsoft October 2022 Patch Tuesday.

Researchers at Legit Security discovered a dependency confusion vulnerability in an archived Apache project. The finding emphasizes the importance of analyzing third-party projects and dependencies, especially those that have been archived or possibly neglected when it comes to security updates. Dependency confusion, also known as "dependency hijacking" or "substitution attack," allows attackers to launch software supply chain attacks by exploiting vulnerable dependencies in open source software.

According to new research, threat actors can use the DOS-to-NT path conversion process to achieve rootkit-like capabilities and conduct malicious activities such as concealing and impersonating files, directories, and processes. According to SafeBreach security researcher Or Yair, the DOS path at which the file or folder exists is converted to an NT path when a user executes a function with a path argument in Windows. During the conversion process, a known issue occurs: the function removes trailing dots from any path element and trailing spaces from the last path element.

According to the Shadowserver Foundation, a recently addressed vulnerability could affect about 6,000 Internet-accessible Palo Alto Networks firewalls. Palo Alto Networks disclosed the flaw on April 12 and began rolling out patches a few days later. State-sponsored threat actors had exploited the vulnerability, and this activity recently increased after Proof-of-Concept (PoC) code was released.

A hack that caused a small Texas town’s water system to overflow in January has recently been linked to a shadowy Russian hacktivist group. The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not in danger, and the attempts were reported to federal authorities. Mike Cypert, the city manager of Hale Center, said there were 37,000 attempts in four days to log into their firewall. He added that the attempted hack failed as the city “unplugged” the system and operated it manually.

Cannes Hospital Centre – Simone Veil (CHC-SV) recently shut down its systems in response to a cyberattack it fell victim to. Also known as the Broussailles Hospital, the healthcare organization decided to completely cut off computer access to contain the attack, which forced employees to turn to pen and paper to continue providing services to patients. CHC-SV says it is making all the efforts to ensure that it can provide the full range of care across its fields of activity, adding that it has been working with regional healthcare entities to redirect patients based on their needs.

The MITRE Corporation recently became the latest high-profile victim of an Ivanti-related breach after a nation-state actor compromised its R&D network via two chained zero-day vulnerabilities. The non-profit said the last time it suffered a significant cyber-incident like this was 15 years ago. MITRE noted that an unnamed state actor on this occasion comprised MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network that provides storage, computing, and networking resources.