"Fake Browser Updates Spread Updated WarmCookie Malware"

The new "FakeUpdate" campaign targeting users in France involves compromised websites that display fake browser and application updates, which deliver a new version of the WarmCookie backdoor. The threat group "SocGholish" compromises or creates fake websites to display bogus update prompts for web browsers, Java, VMware Workstation, WebEx, and Proton VPN. If a user clicks on one of the legitimate-looking update prompts, a fake update is downloaded that drops cryptocurrency drainers, ransomware, and more. This article continues to discuss the FakeUpdate campaign.

Submitted by Gregory Rigby on

Securing New Ground

"Once a year, the security industry's brightest minds, biggest players and most driven entrepreneurs come together for information sharing, top-level networking and security industry business analysis. At Securing New Ground trends are spotted, connections are formed and minds are opened. Join us!"

"Sellafield Fined for Cybersecurity Failures at Nuclear Site"

Sellafield Ltd was recently fined $437,440 for cybersecurity failings in running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court. Sellafield Ltd has also been ordered to pay prosecution costs of $70,060. The charges relate to Sellafield's management of the security around its information technology systems between 2019 and 2023 and breaches of the Nuclear Industries Security Regulations 2003.

Submitted by Adam Ekwall on

"New MedusaLocker Ransomware Variant Deployed by Threat Actor"

According to security researchers at Cisco Talos, a financially motivated threat actor has been observed targeting organizations globally with a MedusaLocker ransomware variant. Known as "BabyLockerKZ," the variant has been around since at least late 2023, and this is the first time it has been specifically called out as a MedusaLocker variant. The researchers noted that this variant uses the same chat and leak site URLs as the original MedusaLocker ransomware.

Submitted by Adam Ekwall on

"LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort"

New international law enforcement actions have resulted in four arrests and the takedown of nine servers linked to the "LockBit" ransomware operation. According to Europol, the arrests included a suspected LockBit developer in France, two people in the UK believed to have supported an affiliate, and an administrator of a bulletproof hosting service in Spain used by the LockBit ransomware group. Authorities unmasked a Russian national named Aleksandr Ryzhenkov as one of the high-ranking Evil Corp cybercrime group members while also outing him as a LockBit affiliate.

Submitted by Gregory Rigby on

"Private US Companies Targeted by Stonefly APT"

Symantec threat analysts warn that the North Korean Advanced Persistent Threat (APT) group "Stonefly," also known as "APT45," continues to target US companies despite an indictment. Stonefly is linked to the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency. Mandiant's threat analysts previously noted that APT45 relies on publicly available tools such as "3PROXY," malware modified from publicly available code, and custom malware families. This article continues to discuss key findings regarding Stonefly.

Submitted by Gregory Rigby on

"Linux Malware "Perfctl" Behind Years-Long Cryptomining Campaign"

For at least three years, the Linux malware named "perfctl" has targeted Linux servers and workstations, evading detection with rootkits. According to Aqua Nautilus researchers, the malware has likely targeted millions of Linux servers in recent years, possibly infecting several thousand. The perfctl malware is mainly deployed for cryptomining, as compromised servers have been used to mine the Monero cryptocurrency, but the malware could easily be used for more harmful operations. This article continues to discuss findings regarding the perfctl Linux malware.

Submitted by Gregory Rigby on

"MITRE Adds Mitigations to EMB3D Threat Model"

MITRE has announced the full release of the "EMB3D Threat Model," which now maps essential mitigations to security controls outlined in the Industrial Automation and Control Systems standard. EMB3D, announced in December 2023 and released in May 2024, provides information regarding cyber threats faced by embedded devices in critical infrastructure and other industries. The framework, aligned with CWE, ATT&CK, and CVE threat models, helps asset owners, operators, vendors, and security researchers secure embedded devices.

Submitted by Gregory Rigby on

"Email Phishing Attacks Surge as Attackers Bypass Security Controls"

According to Egress, email phishing attacks increased 28 percent in the second quarter of 2024 compared to the first quarter, with attackers using effective methods to defeat defenses. Attackers often send phishing emails from familiar accounts to get around authentication protocols. From April to June 2024, 44 percent of attacks came from internally compromised accounts, with 8 percent coming from an account within the organization's supply chain. This article continues to discuss findings surrounding the surge in email phishing attacks.

Submitted by Gregory Rigby on