"Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware"

Researchers at ESET discovered five cyber espionage campaigns targeting Android users in Egypt and Palestine with trojanized apps. The campaigns have been attributed to the "Arid Viper" hacking group with medium confidence. ESET researchers named the spyware used to infect target Android apps "AridSpy." The malicious apps impersonate NortirChat, LapizaChat, ReblyChat, PariberyChat, and RenatChat. This article continues to discuss cyber espionage campaigns targeting Android users in Egypt and Palestine with trojanized apps.

Submitted by grigby1 CPVI on

"GenAI Keeps Cybersecurity Pros on High Alert"

In a recent Bitdefender survey, 96 percent of participating cybersecurity professionals agreed that generative Artificial Intelligence (AI) technology threatens overall cybersecurity. More than 36 percent said its use for manipulating or creating deceptive content, such as deepfakes, is a significant threat. This article continues to discuss key findings from Bitdefender's 2024 Cybersecurity Assessment Report.

Help Net Security reports "GenAI Keeps Cybersecurity Pros on High Alert"

Submitted by grigby1 CPVI on

"Microsoft Admits Security Failings Allowed China to Access US Government Emails"

In summer 2023, Microsoft President Brad Smith admitted that security failings enabled Chinese state hackers to access US government officials' emails. Microsoft was blamed for a "cascade of security failures" that allowed the Chinese threat actor "Storm-0558" to access 25 organizations' email accounts, including those belonging to US government officials, according to an April 2024 Cyber Safety Review Board (CSRB) report.

Submitted by grigby1 CPVI on

"CISA Warns of Progress Telerik Vulnerability Exploitation"

The US Cybersecurity and Infrastructure Security Agency (CISA) warns federal agencies of the ongoing exploitation of a patched authentication bypass vulnerability in Progress Software's Telerik Report Server. The vulnerability exists because the current installation setup was not properly validated in version 2024 Q1 (10.0.24.305) and earlier iterations. The flaw enables an attacker to supply specific parameters and create a new administrator user. They can then log in to the server.

Submitted by grigby1 CPVI on

"Pakistani Threat Actors Caught Targeting Indian Gov Entities"

Cisco Talos and Volexity warn that Pakistan-based threat actors have targeted Indian government entities in two espionage campaigns. Since 2018, "Operation Celestial Force" has targeted Indian defense, government, and technology employees with Android and Windows malware.

Submitted by grigby1 CPVI on

"Edge Devices: The New Frontier for Mass Exploitation Attacks"


Edge devices, services, and network infrastructure devices are often the starting point for mass exploitation attacks. There has been a rise in mass exploitation compromises and criminal targeting of edge and infrastructure devices. Nation-states such as Russia and China and criminal groups like FIN11 use edge devices, often compromised through zero-day vulnerabilities, according to Mandiant's M-Trends 2024 report. According to Forescout's Riskiest Devices 2024 report, endpoints were the riskiest devices in 2023, but network infrastructure devices now hold that position.

Submitted by grigby1 CPVI on

"UK General Election: Tech Policy Expert Calls for Law Overhaul to Combat Deepfakes"


Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned of the deepfake threat to election integrity. The tech policy expert emphasized how technology has made deepfakes easier and cheaper to make. In a report titled "Facing Fakes: How Politics and Politicians Can Respond to the Deepfake Age," Feeney calls on the UK government to update existing laws rather than create new regulations for Artificial Intelligence (AI) and deepfakes.

Submitted by grigby1 CPVI on

"GitHub Paid Out Over $4 Million via Bug Bounty Program"


GitHub has recently announced that through its bug bounty program, which the company launched ten years ago, it has paid out more than $4 million. In 2023, bug bounty payouts exceeded $850,000. GitHub noted that its annual bug bounty payout has exceeded $800,000 since 2021. The largest single reward in 2023 was $75,000 for a vulnerability that allowed access to the environment variables of a production container.

Submitted by Adam Ekwall on

"Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE"


Rockwell Automation recently announced that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software. The first vulnerability, CVE-2024-37368, is described as a user authentication issue that can lead to information leakage. The company noted that the vulnerability allows a user from a remote system with FTView to send a packet to the customer's server to view an HMI project. Because proper authentication is lacking, this action is allowed without authentication verification.

Submitted by Adam Ekwall on

"Microsoft Patches One Critical and One Zero-Day Vulnerability"


Microsoft recently revealed updates for 51 vulnerabilities, only one of which was rated "critical." Microsoft noted that the bug, CVE-2024-30080, is a remote code execution (RCE) flaw in Microsoft Message Queuing (MSMQ) and has been assigned a CVSS score of 9.8, with exploitation rated as "more likely." Microsoft has recommended disabling the service until the update can be installed. The zero-day vulnerability, made public in February, is a protocol-level bug impacting DNSSEC validation.

Submitted by Adam Ekwall on