"Sitting Ducks DNS Attacks Let Hackers Hijack Over 35,000 Domains"

Over 35,000 registered domains have been hijacked in "Sitting Ducks" attacks, which let an attacker take over a domain without access to the owner's account at the registrar or the Domain Name System (DNS) provider. The attack chains a registrar-side configuration flaw with inadequate ownership verification at the DNS provider: when a domain's delegation points at an authoritative DNS provider that no longer serves a zone for it (a "lame" delegation), an attacker can open an account at that provider, claim the domain name, and from then on answer queries for it. Infoblox and Eclypsium estimate that over a million domains are exploitable on any given day. Multiple Russian cybercriminal groups have used this attack vector, and the hijacked domains, in spam campaigns, malware delivery, and more.
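A lame-delegation check in the spirit of the attack described above, added here as an example and not code from Infoblox, Eclypsium, or the article: it sends a non-recursive SOA query to each nameserver the parent delegates to and flags the domain when none of them answers authoritatively. The nameserver names under `lame-dns.invalid` and `healthy.invalid` and the canned responses in `SAMPLE_PROBES` are constructed for the offline demonstration; the provider-side condition (whether the lame provider lets anyone claim the name without proving ownership) cannot be checked from the outside and is left as a manual step.

```python
import random
import socket
import struct
import sys
from typing import Callable, Dict, Iterable, Tuple

QTYPE_SOA = 6
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# (rcode name, authoritative-answer flag, answer count) for one nameserver.
ProbeResult = Tuple[str, bool, int]


def build_soa_query(domain: str, txid: int) -> bytes:
    """Build a DNS SOA query with RD=0 so only the server's own data counts,
    never something it recursed for on our behalf."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPE_SOA, QCLASS_IN)


def parse_header(resp: bytes) -> Tuple[int, bool, int, int]:
    """Return (txid, AA bit, RCODE, ANCOUNT) from a raw DNS response header."""
    txid, flags, _qdcount, ancount = struct.unpack(">HHHH", resp[:8])
    return txid, bool(flags & 0x0400), flags & 0x000F, ancount


def probe_nameserver(ns_host: str, domain: str, timeout: float = 3.0) -> ProbeResult:
    """Ask one delegated nameserver directly over UDP for the zone's SOA."""
    txid = random.randint(0, 0xFFFF)
    query = build_soa_query(domain, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (socket.gethostbyname(ns_host), 53))
        resp, _ = sock.recvfrom(4096)
    rtxid, aa, rcode, ancount = parse_header(resp)
    if rtxid != txid:
        raise ValueError("transaction id mismatch")
    return RCODE_NAMES.get(rcode, str(rcode)), aa, ancount


def is_lame(rcode: str, aa: bool, ancount: int) -> bool:
    """A server is lame for the zone unless it returns NOERROR with AA set and data.
    REFUSED and SERVFAIL are the usual answers from a provider that has no zone."""
    return not (rcode == "NOERROR" and aa and ancount > 0)


def classify_delegation(domain: str, nameservers: Iterable[str],
                        probe: Callable[[str, str], ProbeResult] = probe_nameserver) -> Dict[str, object]:
    statuses: Dict[str, str] = {}
    for ns in nameservers:
        try:
            rcode, aa, ancount = probe(ns, domain)
        except (OSError, ValueError):          # timeout, NXDOMAIN on the NS name, bad reply
            statuses[ns] = "unreachable"
            continue
        statuses[ns] = "lame" if is_lame(rcode, aa, ancount) else "authoritative"
    lame = sum(s == "lame" for s in statuses.values())
    auth = sum(s == "authoritative" for s in statuses.values())
    # Candidate only; whether the lame provider lets a stranger claim the name
    # without ownership verification still has to be checked by hand.
    return {"domain": domain, "nameservers": statuses, "lame": lame,
            "authoritative": auth, "sitting_duck_candidate": lame > 0 and auth == 0}


# Constructed offline sample: a victim whose delegation is fully lame, and a healthy zone.
SAMPLE_PROBES: Dict[Tuple[str, str], ProbeResult] = {
    ("ns1.lame-dns.invalid", "victim.example"): ("REFUSED", False, 0),
    ("ns2.lame-dns.invalid", "victim.example"): ("SERVFAIL", False, 0),
    ("ns1.healthy.invalid", "ok.example"): ("NOERROR", True, 1),
}


def fake_probe(ns_host: str, domain: str) -> ProbeResult:
    if (ns_host, domain) not in SAMPLE_PROBES:
        raise OSError("constructed: nameserver did not respond")
    return SAMPLE_PROBES[(ns_host, domain)]


if __name__ == "__main__":
    # Usage: python sitting_ducks_check.py example.com ns1.provider.net ns2.provider.net
    # Take the NS names from the parent, e.g. `dig +norecurse NS example.com @a.gtld-servers.net`,
    # because the point is to test what the registrar delegates to, not what the child claims.
    if len(sys.argv) < 3:
        print(classify_delegation("victim.example", ["ns1.lame-dns.invalid", "ns2.lame-dns.invalid"], fake_probe))
    else:
        print(classify_delegation(sys.argv[1], sys.argv[2:]))
```

Run it against your own domains' parent-side delegation; a "lame" result for every listed nameserver at a provider you no longer use is exactly the state the attack needs, and the fix is to remove or correct the delegation at the registrar.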

Submitted by grigby1 CPVI on

"BingoMod Android RAT Wipes Devices After Stealing Money"

According to Cleafy, "BingoMod," a recently discovered Remote Access Trojan (RAT), targets Android users to steal information and money via Account Takeover (ATO). BingoMod enables threat actors to initiate money transfers from infected devices. It evades authentication, verification, and behavioral detection protections through On-Device Fraud (ODF). Once the device is infected, the malware abuses permissions, performs overlay attacks, and more. This article continues to discuss findings regarding the BingoMod Android RAT.

Submitted by grigby1 CPVI on

"BEC Attacks Surge 20% Annually Thanks to AI Tooling"

A new Vipre Security Group study adds to the evidence that Artificial Intelligence (AI) tools are driving up Business Email Compromise (BEC) attacks. According to the company's "Email Threat Trends Report: Q2 2024," 226 million spam messages and nearly 17 million malicious URLs were detected among the 1.8 billion emails the vendor processed during Q2. Forty-nine percent of the blocked spam emails were BEC attempts, and Vipre observed a 20 percent year-over-year rise in BEC attacks. This article continues to discuss the increase in BEC attacks attributed to AI tools.

Submitted by grigby1 CPVI on

"Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error"

According to Microsoft, an implementation error amplified the impact of a recent Distributed Denial-of-Service (DDoS) attack that disrupted Azure cloud services for nearly eight hours. The attack affected Azure App Services, Azure IoT Central, Application Insights, Log Search Alerts, and other Azure offerings. The disruption also affected the main Azure portal and some Microsoft 365 and Microsoft Purview data-protection services. This article continues to discuss the DDoS attack, inadvertent errors in DDoS mitigation, and the adoption of "smash and grab" tactics in DDoS attacks.

Submitted by grigby1 CPVI on

"Basta Ransomware Operator Tactics Undergo 'Notable Shift'"

Over the past year, "UNC4393," a threat group that deploys the "Basta" ransomware, has changed how it gains initial access to victims. It previously relied on existing "Qakbot" infections, delivered through phishing, for initial access. After US law enforcement took down Qakbot infrastructure last year, the group briefly used "DarkGate" malware as an initial access loader before switching to the "SilentNight" backdoor this year. According to Mandiant researchers, malvertising has driven this year's SilentNight surge.

Submitted by grigby1 CPVI on

"CISA and FBI Release Joint PSA: Putting Potential DDoS Attacks During the 2024 Election Cycle in Context"

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement (PSA) titled "Just So You Know: DDoS Attacks Could Hinder Access to Election Information, Would Not Prevent Voting." The publication, released as part of their PSA series for the 2024 election cycle, warns that Distributed Denial-of-Service (DDoS) attacks on election infrastructure or adjacent infrastructure supporting election operations could interfere with public access to election information but would not affect the security

Submitted by grigby1 CPVI on

"Cyberattacks Present Shipping Industry's Biggest Threat Since WWII"

There has been a rise in state-sponsored cyberattacks on the shipping industry. According to NHL Stenden University of Applied Sciences research recently cited by the Financial Times, the shipping industry faced at least 64 cyber incidents in 2023. Over 80 percent of the incidents logged since 2001 involving a known attacker stemmed from Russia, China, North Korea, or Iran. This article continues to discuss the spike in cyberattacks faced by the shipping sector.

Submitted by grigby1 CPVI on

"Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom"

According to Zscaler ThreatLabz, a Fortune 50 company paid a record $75 million ransom to the "Dark Angels" ransomware group. Previously, the largest known ransom payment was $40 million by the insurance company CNA after an "Evil Corp" ransomware attack. Zscaler ThreatLabz did not reveal which Fortune 50 company paid the $75 million ransom, but it was confirmed that the attack occurred in early 2024. Dark Angels began targeting companies worldwide with ransomware in May 2022.

Submitted by grigby1 CPVI on

"Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains"

Researchers have discovered two vulnerabilities that could allow threat actors to abuse hosted email services to spoof a sender's identity and evade protections. The identified vulnerabilities affect millions of domains. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns that an attacker with any authenticated account at a provider can spoof the identity of another domain hosted on the same shared service and, because the provider's shared sending infrastructure is already authorized for every domain it hosts, such messages pass sender authentication checks. The flaws stem from many hosted email services failing to verify that the authenticated sender is actually authorized for the domain they claim to send from.
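The class of flaw described above comes down to a submission-time check that the affected providers skipped: confirming that the authenticated account is authorized for the domain in both the envelope sender (RFC 5321 MAIL FROM) and the header sender (RFC 5322 From). The following is an added example of that check and is not code from CERT/CC, the article, or any provider; the tenant names, domains and messages are constructed, and the exact-match domain policy is an assumption (subdomains have to be listed explicitly). The From header parser is deliberately strict: a display name containing "@" is rejected as ambiguous instead of guessed at, since that is a common way to make a mail client show a different address than the one the mailbox actually uses.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

ANGLE = re.compile(r"<([^<>]*)>")


def address_domain(addr: str) -> Optional[str]:
    """Lower-cased domain of a bare addr-spec, or None unless it is exactly local@domain."""
    addr = addr.strip()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or not domain or re.search(r"[\s<>,;\"()]", domain):
        return None
    return domain.rstrip(".").lower()


def from_header_domains(header: str) -> Optional[List[str]]:
    """Domains of every mailbox in a From: header, or None if the header is
    malformed or ambiguous. An '@' outside angle brackets (a display name such
    as '"ceo@bank.example" <attacker@shared.example>') is rejected outright."""
    if "<" in header or ">" in header:
        if "@" in ANGLE.sub("", header):
            return None
        addrs = ANGLE.findall(header)
    else:
        addrs = header.split(",")
    if not addrs:
        return None
    domains = [address_domain(a) for a in addrs]
    return None if any(d is None for d in domains) else domains


def authorize_submission(auth_user: str, authorized_domains: Iterable[str],
                         mail_from: str, from_header: str) -> Tuple[bool, str]:
    """Submission policy for a shared hosted-mail service: the authenticated
    account must be authorized for the envelope sender domain and for every
    From: header domain. Being a customer of the same provider is not enough."""
    allowed = {d.lower().rstrip(".") for d in authorized_domains}
    if not allowed:
        return False, f"{auth_user}: account has no authorized domains"
    env = address_domain(mail_from)
    if env is None:
        return False, f"{auth_user}: MAIL FROM {mail_from!r} is not a valid addr-spec"
    if env not in allowed:
        return False, f"{auth_user}: envelope domain {env} not authorized"
    hdr = from_header_domains(from_header)
    if hdr is None:
        return False, f"{auth_user}: From header {from_header!r} is malformed or ambiguous"
    bad = sorted(set(hdr) - allowed)
    if bad:
        return False, f"{auth_user}: From domain(s) {', '.join(bad)} not authorized"
    return True, f"{auth_user}: envelope and header senders authorized"


# Constructed tenants on one shared provider: each account may send only for its own domains.
TENANT_DOMAINS: Dict[str, List[str]] = {
    "tenant-a": ["a-corp.example"],
    "tenant-b": ["b-bank.example", "b-bank.test"],
}

# Constructed submissions by the authenticated account "tenant-a".
SAMPLE_SUBMISSIONS = [
    ("alice@a-corp.example", "Alice <alice@a-corp.example>"),              # legitimate
    ("alice@a-corp.example", "CEO <ceo@b-bank.example>"),                  # header spoof of sibling tenant
    ("bounce@b-bank.example", "Alice <alice@a-corp.example>"),             # envelope spoof of sibling tenant
    ("alice@a-corp.example", '"ceo@b-bank.example" <alice@a-corp.example>'),  # display-name trick
]


def run_samples(auth_user: str = "tenant-a") -> List[Tuple[bool, str]]:
    return [authorize_submission(auth_user, TENANT_DOMAINS[auth_user], mf, fh)
            for mf, fh in SAMPLE_SUBMISSIONS]


if __name__ == "__main__":
    for accepted, reason in run_samples():
        print("ACCEPT" if accepted else "REJECT", reason)
```

Only the first constructed submission is accepted; the other three are exactly the shapes the vulnerability lets through when a provider checks the login but not the domain, and all of them would still pass SPF on the provider's shared outbound IPs.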

Submitted by grigby1 CPVI on

"New PyPI Package Zlibxjson Steals Discord, Browser Data"

A malicious package named "zlibxjson version 8.2," has been discovered in the PyPI repository. The package was detected by Fortinet's Artificial Intelligence (AI)-powered OSS malware detection system on July 3, 2024, closely following its release on June 29, 2024. The package downloaded multiple files, including a PyInstaller-packed executable (.exe) that revealed several Python and DLL files when unpacked. This article continues to discuss findings regarding the new malicious PyPI package.

Submitted by grigby1 CPVI on