The Iranian-linked threat actor "TA453," also known as "Charming Kitten," has been using a PowerShell-based malware toolkit named "BlackSmith" in a sophisticated phishing attack. According to researchers at Proofpoint, the campaign began in July 2024, targeting a prominent Jewish figure with emails spoofing the Institute for the Study of War (ISW). TA453, posing as the ISW Research Director, invited the target to a podcast to appear legitimate. After building trust, the group sent a malicious link masked as a legitimate podcast URL to deliver BlackSmith.

US intelligence officials are confident that Iran was behind hacks against the Trump and Biden-Harris presidential campaigns. Tehran is believed to be using the hacks to influence American politics and the election. The Federal Bureau of Investigation (FBI) and other federal agencies' assessment was the first time the US government designated blame for hacks that have reignited fears of foreign election interference. This article continues to discuss US intelligence officials' conclusion that Iran is to blame for hacks targeting Trump and Biden-Harris campaigns.

According to a new report by the UK backup solutions provider Databarracks, more organizations than ever before have subscribed to cyber insurance, but the number of claims is declining. In its "2024 Data Health Check report," the company discovered that 66 percent of UK organizations reported having cyber insurance in 2024, up from 51 percent in 2022 and 57 percent in 2023. However, the number of organizations filing cyber insurance claims decreased from 58 percent in 2022 to 36 percent in 2024.

According to the WordPress security company Defiant, the GiveWP WordPress plugin contains a critical vulnerability that enables Remote Code Execution (RCE) and arbitrary file deletion on over 100,000 websites. The bug allows unauthenticated attackers to inject a PHP object and exploit a Property Oriented Programming (POP) chain to execute arbitrary code remotely or delete arbitrary files. This article continues to discuss the potential exploitation and impact of a critical vulnerability in the GiveWP WordPress plugin.

According to security researchers at Chainalysis, ransomware payments and stolen cryptocurrency have increased in the first half of 2024.  The researchers found that while illegal on-chain activity has dropped by nearly 20% year-to-date, ransomware payments have increased by 2%, from $449.1 million in the first half of 2023 to $459.8 million in the first half of 2024.  In addition, the amount of cryptocurrency stolen this year has increased to $1.58 billion, up from $857 million last year.

The Mandiant Managed Defense team has discovered an increase in malware infections caused by malvertising campaigns that distribute a loader named "FakeBat," also known as "EugenLoader" and "PaykLoader." The researchers consider these attacks "opportunistic," as they are aimed at users looking to download popular business software. The infection involves a trojanized MSIX installer that runs a PowerShell script to download a secondary payload.

New York City-based nonprofit healthcare organization Jewish Home Lifecare has recently revealed that a data breach disclosed earlier this year impacted more than 100,000 individuals.

"Xeon Sender," a cloud-based tool, helps attackers launch large-scale SMS spam and phishing campaigns using legitimate Software-as-a-Service (SaaS) providers. The tool, which is distributed via Telegram and different hacking forums, makes it easier to send bulk SMS messages by using valid Application Programming Interface (API) credentials from Amazon SNS, Twilio, and other popular service providers. This article continues to discuss findings regarding the Xeon Sender tool.

Researchers at Gen Threat Labs have linked the exploitation of one of the zero-days recently patched by Microsoft to North Korea's "Lazarus" Advanced Persistent Threat (APT) group. The vulnerability marked as "actively exploited" by Microsoft enables SYSTEM privileges on the latest Windows operating systems. Gen Threat Labs posted a note connecting the exploitation to Lazarus through the use of the "FudModule" rootkit, previously documented by Avast as part of the Lazarus APT toolkit.

The Oregon Zoo recently notified roughly 118,000 individuals that their names and payment card information were stolen from its online ticketing service.  The incident was identified on June 26, resulting in names, payment card numbers, CVVs, and expiration dates being exfiltrated.  The zoo noted that transactions processed between December 20, 2023, and June 26, 2024, were likely affected.  According to the zoo, threat actors redirected transactions from the third-party vendor that processed online ticketing purchases for Oregon Zoo.