"Chameleon Malware Is Attacking Restaurants in Canada and Europe"

The "Chameleon" malware has returned with a new campaign against an international restaurant chain, with a focus on the European and Canadian regions. According to analysts at Threat Fabric, the device takeover trojan is now disguised as a restaurant Customer Relationship Management (CRM) app, targeting hospitality employees as well as potential Business-to-Consumer (B2C) company employees. This article continues to discuss the history of the Chameleon malware and its new campaign attacking restaurants in Canada and Europe.

Submitted by grigby1 CPVI on

"INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore"

INTERPOL's "global stop-payment mechanism" helped recover millions of dollars in funds defrauded in a large Business Email Compromise (BEC) scam. The move follows a mid-July 2024 BEC scam at a Singapore commodity company. BEC attacks are a type of cybercrime that can be carried out in a variety of ways, such as gaining unauthorized access to a finance employee's or law firm's email account and sending fake invoices, or impersonating a third-party vendor and sending a fake bill. This article continues to discuss INTERPOL's recent recovery of funds defrauded in a BEC scam.

Submitted by grigby1 CPVI on

"Cencora Confirms Patient Data Stolen in Cyberattack"

Pharmaceutical company Cencora recently confirmed in an update on July 31 that sensitive personal and health data was exfiltrated during a cyberattack in February 2024. The company noted that most of the information impacted was maintained by a subsidiary company that provides patient support services. The company did not state the number of people affected by the breach or name the subsidiary firm. The company noted that there is currently no evidence that the attackers have published or misused the data.

Submitted by Adam Ekwall on

"French Museums Hit By Ransomware Attack"

The Grand Palais' IT director observed unusual activity on the museum's systems on the night of August 3-4 and discovered that it was due to a ransomware attack targeting systems used to "centralize financial data" for approximately 40 museums in France, including the Grand Palais. The IT director notified the French cybersecurity agency (ANSSI). Many of the affected museums say the attackers have encrypted parts of their systems, requested a ransom in cryptocurrency, and threatened to leak data if the victim had not paid within 48 hours.

Submitted by Adam Ekwall on

"Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year"

Between 2020 and 2023, Microsoft says it paid approximately $13 million annually through bug bounty programs. However, between July 1, 2023, and June 30, 2024, the amount increased to $16.6 million. This brings the total paid out by Microsoft since 2018 to $75.5 million. Microsoft noted that over the past year, it has rewarded 343 researchers from 55 countries for more than 1,300 eligible vulnerability reports.

Submitted by Adam Ekwall on

"Hacker Group FIN7 Is Selling EDR Evasion Tools to Other Cyber Criminals"

The Russian Advanced Persistent Threat (APT) group "FIN7" is selling "AvNeutralizer," also known as "AuKill," on Russian-speaking hacking forums. With AvNeutralizer, hackers can tamper with security solutions and launch their own attacks. According to SentinelOne, FIN7's development and commercialization of AvNeutralizer in criminal underground forums boosts the impact of the group. Since they are selling their tools, many less experienced groups can now launch highly sophisticated attacks quickly. AvNeutralizer, together with other FIN7 tools, makes the group increasingly dangerous.

Submitted by grigby1 CPVI on

"Surge in Magniber Ransomware Attacks Impact Home Users Worldwide"

The "Magniber" ransomware campaign is encrypting home users' devices, demanding thousand-dollar ransom payments from victims. Magniber emerged in 2017 as a successor to the "Cerber" ransomware operation. Over the years, the threat actors have applied various methods, including using Windows zero-days, trojanized software cracks, and more to distribute Magniber and encrypt devices. The Magniber campaign mainly targets individual users who download malicious software and execute it on their home or small business systems.

Submitted by grigby1 CPVI on

"OneBlood Investigates Cyber Attack, Southeastern Locations Affected"

A cyberattack on the blood bank OneBlood has impacted over 250 hospitals. While some are still able to collect, test, and distribute blood, their operations have been heavily diminished. Many patients are dependent on a supply of blood, especially in the summer months when donations tend to be lower. OneBlood has issued an urgent outreach for O+ and O- blood and platelet donations. The company is working with federal, state, and national cyber security experts to restore services.

Submitted by grigby1 CPVI on

"Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware"

The Russian threat actor "Fighting Ursa," also known as "APT28," "Fancy Bear," and "Sofacy," has used car ads as a lure to distribute the "HeadLace" backdoor malware. The scheme targets Eastern European diplomats in need of personal transportation, luring them with a supposed good deal on an Audi Q7 Quattro SUV. This article continues to discuss the history of the Fighting Ursa Advanced Persistent Threat (APT) and the group's use of car ads as a lure to distribute HeadLace backdoor malware.

Submitted by grigby1 CPVI on

"Researchers Uncover Flaws in Windows Smart App Control and SmartScreen"

Researchers at Elastic Security Labs have discovered design flaws in Microsoft's Windows Smart App Control and SmartScreen. The exploitation of these vulnerabilities could allow threat actors to gain initial access to target environments with minimal user interaction and no security warnings. This article continues to discuss findings regarding the design weaknesses uncovered in Microsoft's Windows Smart App Control and SmartScreen.

Submitted by grigby1 CPVI on