According to security researchers at Comparitech, ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018, impacting over 8000 educational institutions and exposing 6.7 million individual records.  The researchers noted that in 2023, the number of attacks reached a record high of 121, marking a significant increase from the 71 attacks reported in 2022. The average downtime per attack has also grown, rising from just under nine days in 2021 to 12.6 days in 2023.

By grigby1 

By krahal

The backdrop flurry of the US presidential election on 5 November comes with increasing cyber heat, for worse, and with counter measures, somewhat better.

By grigby1

Hundreds of open source Large Language Model (LLM) builder servers and dozens of vector databases leak sensitive data to the web. There is a rush among companies to implement Artificial Intelligence (AI) into their business workflows, but not enough attention is paid to securing these tools and the information they handle. Naphtali Deutsch, a researcher at Legit Security, scanned the web for two potentially vulnerable open source AI services: vector databases, which store data for AI tools, and LLM application builders, such as Flowise.

"Peach Sandstorm," an Iran-backed hacking group, has created a new custom multi-stage backdoor to infiltrate targets during cyber espionage operations. Microsoft Threat Intelligence named the new malware "Tickler," which has been used in attacks against targets in the satellite, communications equipment, oil and gas as well as federal and state government sectors. Microsoft Threat Intelligence discovered two samples of the Tickler malware launched by Peach Sandstorm in compromised environments between April and July 2024.

"Pioneer Kitten" is an Iranian hacking group infiltrating US defense, education, finance, and healthcare organizations and extorting victims with affiliates of several ransomware operations. The threat group, also known as "Fox Kitten," "UNC757," and "Parisite," has been active since 2017.

"LummaC2" malware has reemerged, infiltrating and exfiltrating sensitive data. The infostealer malware actively exploits PowerShell commands. According to researchers at Ontinue, the latest variant of LummaC2 uses sophisticated tactics. LummaC2, which was first seen in Russian-speaking forums in 2022, is a C-based tool distributed as Malware-as-a-Service (MaaS).

According to Cisco Talos, "BlackByte" ransomware attackers have exploited a recently patched VMware ESXi hypervisor flaw while also abusing different vulnerable drivers to disable security. The group is changing tactics by exploiting a VMware ESXi authentication bypass vulnerability, which other ransomware groups have also weaponized. This article continues to discuss the BlackByte ransomware group's exploitation of an authentication bypass vulnerability in VMware ESXi.

ESET discovered a cyber espionage campaign, traced to the Seoul-aligned APT-C-60 group, that exploited a novel Remote Code Execution (RCE) vulnerability in WPS Office for Windows to launch a custom backdoor. The APT used the "SpyGlace" backdoor against victims in East Asia. This article continues to discuss the new APT-C-60 group's campaign involving the exploitation of an RCE vulnerability in WPS Office for Windows.

Infosecurity Magazine reports "South Korean Spies Exploit WPS Office Zero-Day"