"Active Ransomware Groups Surge by 56% in 2024"

A new Searchlight Cyber report reveals a 56 percent rise in active ransomware gangs in the first half of 2024: researchers observed 73 ransomware groups operating, compared to 46 during the same period in 2023. This trend follows law enforcement operations that disrupted several high-profile Ransomware-as-a-Service (RaaS) groups in the past year. According to the researchers, smaller, lesser-known groups are emerging quickly and launching highly targeted attacks, often going quiet and then resurfacing under new names.

Submitted by Gregory Rigby on

"UB Researchers Find Vulnerabilities in Safety of AI in Driverless Cars"

Ongoing research at the University at Buffalo looks into how vulnerable the Artificial Intelligence (AI) systems in self-driving vehicles are to attack. The researchers' findings suggest that malicious actors may be able to cause these systems to fail. For example, strategically placing 3D-printed objects on a vehicle can make it invisible to AI-powered radar systems, preventing detection. The research notes that while AI can process a lot of information, it can also become confused and deliver incorrect output when it is given inputs that it was not trained to handle.

Submitted by Gregory Rigby on

"Intel Responds to SGX Hacking Research"

After a researcher claimed to have hacked Intel's Software Guard Extensions (SGX) data protection technology, the chip giant issued clarifications. Mark Ermolov, a security researcher at Positive Technologies who specializes in Intel products, recently revealed that he and his team extracted cryptographic keys pertaining to Intel SGX. SGX is designed to protect code and data from software and hardware attacks by storing them in a Trusted Execution Environment (TEE) known as an enclave, a separated and encrypted region of memory.

Submitted by Gregory Rigby on

"Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant"

Researchers at Palo Alto Networks discovered that its Virtual Private Network (VPN) software, GlobalProtect, was being spoofed to distribute a new variant of the "WikiLoader" loader malware, also known as "WailingCrab." WikiLoader is a sophisticated downloader malware first identified in 2022 by Proofpoint researchers, who made it public in 2023. Palo Alto Networks' Unit 42 shared findings on a WikiLoader campaign that used GlobalProtect-themed Search Engine Optimization (SEO) poisoning to lure victims. This article continues to discuss findings surrounding the new WikiLoader campaign.

Submitted by Gregory Rigby on

"Vulnerabilities in Microsoft Apps for macOS Allow Stealing Permissions"

Cisco Talos researchers found eight vulnerabilities in Microsoft apps for macOS that could enable attackers to inject malicious libraries and inherit the apps' granted permissions. Exploitation could allow access to the microphone, camera, and other sensitive resources. The researchers analyzed the platform's permission-based security model, which is built on the Transparency, Consent, and Control (TCC) framework. This article continues to discuss the potential exploitation and impact of vulnerabilities in Microsoft apps for macOS.

Submitted by Gregory Rigby on

"Ransomware Crisis Deepens as Attacks and Payouts Rise"

According to Corvus Insurance, new ransomware groups such as "PLAY," "Medusa," "RansomHub," "INC Ransom," "BlackSuit," and others led a series of second-quarter attacks that surpassed the first quarter of this year by 16 percent and the second quarter of 2023 by 8 percent. These new threat actors emerged after the international law enforcement takedowns of "LockBit" and "BlackCat." This article continues to discuss the rise in ransomware attacks and payouts.

Submitted by Gregory Rigby on

"Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus"

"Head Mare" is a hacktivist group linked to cyberattacks targeting organizations in Russia and Belarus. The group uses up-to-date methods to obtain initial access. For example, the attackers exploited a relatively new WinRAR vulnerability that allows them to run arbitrary code on the system using a specially prepared archive. This method enables the group to deliver and conceal its malicious payload effectively. This article continues to discuss findings regarding the Head Mare hacktivist group's tactics and tools.

Submitted by Gregory Rigby on

"Evolving npm Package Campaign Targets Roblox Devs, for Years"

For at least a year, attackers have used malicious Node Package Manager (npm) packages mimicking the popular "noblox.js" library to infect Roblox game developers with malware. The malware steals Discord tokens and system data and deploys additional payloads. Checkmarx researchers say the campaign involves brandjacking, combosquatting, and starjacking. This article continues to discuss findings regarding the evolving npm package campaign targeting Roblox game developers.

Submitted by Gregory Rigby on

"VMware Patches High-Severity Code Execution Flaw in Fusion"

Virtualization software vendor VMware recently announced a security update for its Fusion hypervisor to address a high-severity vulnerability that exposes users to code execution exploits. The root cause of the issue, tracked as CVE-2024-38811 (CVSS 8.8/10), is an insecure environment variable. VMware noted that the CVE-2024-38811 defect could be exploited to execute code in the context of Fusion, which could potentially lead to complete system compromise.

Submitted by Adam Ekwall on

"Chrome 128 Updates Patch High-Severity Vulnerabilities"

According to Google, two security updates released over the past week for the Chrome browser resolve eight vulnerabilities, including six high-severity bugs reported by external researchers. Last week, Google announced a Chrome 128 update with patches for four externally reported high-severity memory safety flaws. Google noted that three of the security defects affect the browser's V8 JavaScript engine; they include two type confusion issues and a heap buffer overflow.

Submitted by Adam Ekwall on