The chief operating officer (COO) of a US network security firm has recently pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company.  Securolytics executive Vikas Singla admitted hacking Gwinnett Medical Center (GMC) hospitals in Duluth and Lawrenceville, Georgia.  The incidents, which took place in September 2018, began when Singla modified the configuration files of GMC Duluth hospital’s ASCOM phone system, rendering over 200 handsets inoperable.

A lure file with the ZPAQ compression format is being used to deliver a new Agent Tesla malware variant to gather data from several email clients and about 40 web browsers. Agent Tesla, which first appeared in 2014, is a keylogger and Remote Access Trojan (RAT) written in .NET that is offered to other threat actors via a Malware-as-a-Service (MaaS) model. According to G Data malware analyst Anna Lvova, ZPAQ is a file compression format with a better compression ratio and journaling function than popular formats such as ZIP and RAR.

Attackers are exploiting a recently patched vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on Linux systems. Apache ActiveMQ is a popular Java-based open-source message broker that facilitates communication between applications and services by translating messages sent via different protocols such as OpenWire, STOMP, MQTT, and more. The vulnerability in the Java OpenWire protocol marshaller could enable attackers to execute arbitrary code with the same privileges as the ActiveMQ server.

The ransomware hunter PCrisk discovered a new Phobos ransomware variant that attempts to frame the popular VX-Underground malware-sharing collective. Phobos emerged in 2018 as a Ransomware-as-a-Service (RaaS) derived from the Crysis ransomware family. A group of threat actors manages the development of the ransomware and holds the master decryption key, while other threat actors serve as affiliates to infiltrate networks and encrypt devices. This article continues to discuss the new Phobos ransomware variant trying to frame the VX-Underground community.

Business and public use of generative Artificial Intelligence (AI) calls for further understanding of generative AI risks and the specific defenses to mitigate those risks. Jailbreaking and prompt injection are two emerging threats to generative AI. Jailbreaking uses specific prompts to trick the AI into producing harmful or misleading results. Similar to SQL injection in databases, prompt injection hides malicious data or instructions within typical prompts, causing the model to produce unintended outputs and resulting in vulnerabilities or reputational risks.

Cloud monitoring, log management, and SIEM tools provider Sumo Logic has recently completed its investigation into a recent security incident and is saying that it has found no evidence of impact to customer data.  The company stated that third-party forensic experts verified these findings, and the investigation of this incident is now complete and closed.  The company has also shared indicators of compromise (IoCs) and instructions on how customers can check their own environments.

A leading US laboratory famed for cybersecurity, nuclear, and clean energy research has recently suffered a major breach of employee data.  Dating back to the 1940s, Idaho National Laboratory (INL) is responsible for generating the first usable electricity from nuclear power and developing the first nuclear propulsion systems for nuclear submarines and aircraft carriers.  Idaho National Laboratory determined that it was the target of a cybersecurity data breach, affecting the servers supporting its Oracle HCM system, which supports its human resources application.

According to a new Georgia Tech cybersecurity study on the current state of password policies across the Internet, three out of four of the world's most popular websites fail to meet minimum requirement standards, allowing tens of millions of users to create weak passwords. Researchers discovered that 12 percent of websites completely lacked password length requirements. They made this discovery using a first-of-its-kind automated tool that can assess a website's password creation policies. Assistant Professor Frank Li and Ph.D.

Nitin Natarajan, Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA), recently joined the Treasury Federal Insurance Office and the New York University Stern School of Business’ Volatility and Risk Institute at their conference on Catastrophic Cyber Risk and a Potential Federal Insurance Response, where he announced that CISA will relaunch the Cybersecurity Insurance and Data Analysis Working Group (CIDAWG).

LockBit has become more visible, with several high-profile victims appearing on the group's website. The group hit the spotlight in 2019. Its high-profile victims include the UK's Royal Mail and the Ministry of Defence, as well as the Japanese cycling component manufacturer Shimano. LockBit has been linked to nearly 2,000 victims in the US alone since it first appeared on the cybercrime scene. This article continues to discuss insights from researchers at Edith Cowan University on the LockBit gang.