"DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor"

The North Korean state-sponsored threat actor known as "APT37" is spreading a new backdoor named "VeilShell." Most North Korean Advanced Persistent Threats (APTs) target South Korean or Japanese organizations, but APT37's latest campaign appears to target Cambodia, a country Kim Jong-Un has more complicated relations with. According to Securonix, APT37 has been sending malicious emails in the Khmer language about Cambodian affairs to attract victims.

Submitted by Gregory Rigby on

"Cybercriminals Capitalize on Poorly Configured Cloud Environments"

Researchers at Elastic found that off-the-shelf offensive security tools and poorly configured cloud environments expand the attack surface. About 54 percent of malware alerts involved offensive security tools such as Cobalt Strike and Metasploit. The most prevalent malware family this year was Cobalt Strike, with 27.02 percent of infections. Cobalt Strike is a commercial post-exploitation framework that threat actors often steal and use for their own malicious activities.

Submitted by Gregory Rigby on

"NJIT PhD Researcher Develops Secure Code Generation System, Achieves Early Conference Acceptance"

Security vulnerabilities are a major issue in Artificial Intelligence (AI)-powered code generation. Therefore, Khiem Ton, a Ph.D. student, and his colleagues at the New Jersey Institute of Technology (NJIT) developed "SGCode," a system that uses advanced AI and security analysis tools to detect and fix security flaws during code creation. SGCode includes Large Language Models (LLMs) such as GPT-4, a graph-based Generative Adversarial Network (gGAN), and security analysis tools. The flexible system lets users switch between code security optimization methods.

Submitted by Gregory Rigby on

"Cloudflare Blocks Largest Recorded DDoS Attack Peaking at 3.8Tbps"

In a Distributed Denial-of-Service (DDoS) campaign aimed at financial services, Internet, and telecommunications companies, volumetric attacks peaked at 3.8 terabits per second (Tbps), the largest publicly recorded to date. The campaign involved over 100 hyper-volumetric DDoS attacks that flooded network infrastructure with garbage data. A volumetric DDoS attack overwhelms the target with large amounts of data, consuming bandwidth or exhausting the resources of applications and devices, and thereby denying legitimate users access.

Submitted by Gregory Rigby on

"NSA joins Australian Signals Directorate and Others in Promoting Six Principles of Operational Technology (OT) Cybersecurity"

The National Security Agency (NSA), together with the Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) and others, released a new Cybersecurity Information Sheet (CSI) titled "Principles of Operational Technology Cyber Security." The CSI delves into six principles for creating and maintaining a safe, secure critical infrastructure Operational Technology (OT) environment. The guidance aims to help improve cybersecurity methods for protecting water, energy, transportation, and more. This article continues to discuss the new CSI on OT cybersecurity.

Submitted by Gregory Rigby on

"Fake Browser Updates Spread Updated WarmCookie Malware"

The new "FakeUpdate" campaign targeting users in France involves compromised websites that display fake browser and app updates, which deliver a new version of the WarmCookie backdoor. The threat group "SocGholish" compromises or creates fake websites to display fake update prompts for web browsers, Java, VMware Workstation, WebEx, and Proton VPN. If a user clicks on the legitimate-looking update prompts, a fake update is downloaded that drops cryptocurrency drainers, ransomware, and more. This article continues to discuss the FakeUpdate campaign.

Submitted by Gregory Rigby on

Securing New Ground

"Once a year, the security industry's brightest minds, biggest players and most driven entrepreneurs come together for information sharing, top-level networking and security industry business analysis. At Securing New Ground trends are spotted, connections are formed and minds are opened. Join us!"

"Sellafield Fined for Cybersecurity Failures at Nuclear Site"

Sellafield Ltd was recently fined $437,440 for cybersecurity failings in running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court. Sellafield Ltd has also been ordered to pay prosecution costs of $70,060. The charges relate to Sellafield's management of the security around its information technology systems between 2019 and 2023 and breaches of the Nuclear Industries Security Regulations 2003.

Submitted by Adam Ekwall on

"New MedusaLocker Ransomware Variant Deployed by Threat Actor"

According to security researchers at Cisco Talos, a financially motivated threat actor has been observed targeting organizations globally with a MedusaLocker ransomware variant. Known as "BabyLockerKZ," the variant has been around since at least late 2023, and this is the first time it has been specifically called out as a MedusaLocker variant. The researchers noted that this variant uses the same chat and leak site URLs as the original MedusaLocker ransomware.

Submitted by Adam Ekwall on