Security researchers at Google's Threat Analysis Group recently discovered a zero-day vulnerability in Samsung's mobile processors that has been leveraged as part of an exploit chain for arbitrary code execution.  Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung's October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.

A new report by security researchers at Red Shift claims that nearly 75% of US Senate campaign websites lack Domain-based Message Authentication, Reporting, and Conformance (DMARC) protections, leaving them vulnerable to cyberattacks.  The researchers noted that there is an urgent need for campaigns to strengthen cybersecurity, especially with the critical role email communications play in coordinating with voters, donors, and staff.  DMARC is a key tool in preventing phishing and spoofing attacks by ensuring emails sent from a domain are authenticated.

Insurance company Johnson & Johnson has recently disclosed a data breach possibly impacting the personal information of thousands of people.

According to security researchers at Imperva, in the last six months, retailers experienced over half a million (569,884) AI-driven attacks per day.  These attacks originate from AI tools like ChatGPT, Claude, and Gemini, alongside specialized bots designed to scrape websites for LLM training data.  The researchers observed a range of AI-driven threats, including bots, distributed denial of service (DDoS) attacks, API violations, and business logic abuse.

Transak, a fiat-to-crypto payment gateway provider, recently reported a security incident that has impacted 92,554 of its users. According to Transak, attackers gained unauthorized access to one of their employee laptops through a sophisticated phishing attack. The firm noted that the attacker used compromised credentials to log in to the system of a third-party KYC vendor that the company uses for document scanning and verification services. The attacker then gained access to user information stored within the vendor's dashboard.

The U.S. government has recently announced a reward of up to $10 million for information about the Russian media organization Rybar and its employees amid allegations it's involved in spreading propaganda aimed at influencing the upcoming U.S. presidential election.  According to the State Department, Rybar has been accused of using its extensive social media reach, with over 1.3 million followers on various channels, to promote pro-Russian and anti-Western sentiments.

According to security researchers at Netskope, the Bumblebee malware loader could have re-emerged months after Europol-led Operation Endgame disrupted it in May 2024.  Researchers have uncovered a new infection chain that deploys Bumblebee malware.  The researchers noted that this was the first occurrence of a Bumblebee campaign since Operation Endgame, a law enforcement operation performed by Europol and partners in May 2024 that disrupted major malware botnets.

Cyprus recently announced  that it has successfully thwarted a digital attack to block access to the government's central online portal.   The government noted that the distributed denial-of-service attack, or DDoS, only affected the main government portal gov.cy "for a few minutes" and that no other online government ministry or service website was affected.  The deputy ministry didn't say who was behind the attacks or the possible motive.

Security researchers at Positive Technologies recently observed a threat actor attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country.  Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7.

Cisco recently confirmed that some of its files have been stolen after a hacker offered to sell information allegedly belonging to the company.  The hacker known as IntelBroker on October 14 announced a “Cisco breach” on a popular cybercrime forum.  IntelBroker claimed to have obtained GitHub and SonarQube projects, source code, hardcoded credentials, certificates, confidential documents, Jira tickets, API tokens, AWS private buckets, encryption keys, and other types of information.