The INC Ransom extortion gang has threatened that it is going to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland.  In a post yesterday, the cybercriminals shared multiple images containing medical details and said that they would leak data "soon" unless the NHS pays a ransom.  Scotland's NHS is the country's public health system, providing services ranging from primary care, hospital care, dental care, pharmaceutical, and long-term care.

Cybercriminals have been selling custom Raspberry Pi software called "GEOBOX" on Telegram that allows inexperienced hackers to turn the mini-computers into anonymous cyberattack tools. Researchers at Resecurity discovered the tool while investigating a high-profile banking theft incident involving a Fortune 100 company. Malicious individuals used several GEOBOX devices, with each connected to the Internet and strategically placed in different remote locations. These devices functioned as proxies, increasing their anonymity.

Cisco's 2024 Cybersecurity Readiness Index reveals that only 3 percent of organizations are resilient against cybersecurity threats, representing a significant drop in the proportion of global organizations with a mature level of readiness. Nearly 71 percent of organizations fell into the bottom two categories: 'formative' (60 percent) and 'beginner' (11 percent).

Security researchers at Human Security discovered that dozens of VPN applications that turn Android devices into residential proxies were being offered on the Google Play store.  The researchers noted that all the identified malicious applications contained a Golang library responsible for enrolling the device as a proxy node and appeared linked to Asocks, a residential proxy seller.  At least 28 VPN applications containing the malicious library were submitted to Google Play.  After being notified, all apps have been removed from the store.

According to researchers at Netcraft, the Chinese-language Phishing-as-a-Service (PhaaS) platform "Darcula" created 19,000 phishing domains in cyberattacks against over 100 countries. The platform provides cybercriminals with easy access to branded phishing campaigns for a monthly subscription fee of around $250. Darcula is said to be more sophisticated than other PhaaS platforms. It supports many of the same tools used by application developers, such as JavaScript, React, Docker, and Harbor.

According to Google, the volume of zero-day vulnerabilities it detected increased by over 50% from 2022 to 2023, with bugs in third-party components on the rise.  Google discovered a total of 97 zero days in 2023, just shy of the record 106 detected in 2021.  Google claimed end-user platform vendors like Apple, Google, and Microsoft have made “notable investments” to reduce the number of exploitable zero days threat actors can find, making certain types “virtually non-existent” today.

By grigby1 

By krahal

The U.S. House of Representatives has been very busy lately, and the Senate and White House are keeping unusual working hours as well. Tempus fugit, and so also may TikTok though in a different direction.

By aekwall 

CISA recently added a second SharePoint flaw, demonstrated last year at a Pwn2Own hacking competition, to its Known Exploited Vulnerabilities (KEV) list.  The Star Labs team demonstrated the flaw, tracked as CVE-2023-24955, in March 2023 at Pwn2Own Vancouver alongside CVE-2023-29357.   This two-bug exploit chain, which allows unauthenticated remote code execution on SharePoint servers with elevated privileges, earned the Star Labs team $100,000 at Pwn2Own. Microsoft patched CVE-2023-24955 and CVE-2023-29357 with SharePoint updates released in May and June 2023, respectively.