US government agencies recently warned organizations of ongoing Phobos ransomware attacks targeting government, education, emergency services, healthcare, and other critical infrastructure sectors.  Active since May 2019, Phobos operates under the ransomware-as-a-service (RaaS) business model and has successfully extorted several millions of dollars from victim organizations.

"CryptoChameleon" is a phishing campaign that began by targeting cryptocurrency customers but has since changed to focus on employees at Binance, Coinbase, and the Federal Communications Commission (FCC). According to Lookout researchers, these employees are targeted and phished through fake Single Sign-On (SSO) pages mimicking the actual Okta SSO pages at the targeted organizations, allowing the attackers to steal login credentials as well as personal and enterprise data.

According to Group-IB's Hi-Tech Crime Trends 2023/2024 report, the partnership between ransomware groups and Initial Access Brokers (IABs) remains powerful in the cybercrime industry. There has been a 74 percent year-on-year increase in companies that had their data uploaded on Dedicated Leak Sites (DLS). Global threat actors have also shown an increased interest in Apple platforms, as evidenced by the significant growth in underground sales of macOS information stealers. Group-IB experts observed a 70 percent increase in public posts offering zero-day exploits for sale.

The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners have released a Cybersecurity Advisory (CSA) in response to the exploitation of multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. According to the organizations and industry partners, these vulnerabilities have been targeted by various cyber threat actors.

US restaurant chain Golden Corral recently announced that personal information was stolen in a data breach.  The incident, the company says, was identified on August 15, 2023, and led to the disruption of certain corporate operations.  The company noted that the investigation that ensued determined that a threat actor accessed certain systems and “acquired certain data relating to current and former employees and beneficiaries between August 11, 2023, until August 15, 2023”.

Researchers at the Georgia Institute of Technology have discovered a way to take over computers that control infrastructure and industrial systems. Programmable Logic Controllers (PLCs) increasingly include embedded web servers and can be accessed on-site using web browsers. Attackers can use this method to gain complete access to the system. Such access could allow them to make motors spin out of control, turn off power relays or water pumps, disrupt Internet or telephone communication, or steal sensitive information. They could also launch or disrupt weapons.

A new report from Synopsys reveals an alarming increase in high-risk vulnerabilities in commercial codebases, raising the risk of hacking and data theft. Although the percentage of codebases with at least one open-source vulnerability remained consistent year-over-year at 84 percent, significantly more codebases had high-risk vulnerabilities in 2023. The percentage of codebases with high-risk open-source vulnerabilities increased from 48 percent in 2022 to 74 percent in 2023.

Consumer Reports detailed a security flaw in several Internet-connected doorbell cameras that allows hackers to hijack them. The organization published research on four security and privacy flaws in cameras made by EKEN, a company based in Shenzhen, China. According to Consumer Reports, the most significant issue is that if someone is near an EKEN doorbell camera, they can take control of it by downloading its official app, Aiwit, and pairing the camera by holding down the doorbell's button for eight seconds.