CMMC Ecosystem Summit

"That’s why we created the CEIC conference.  We have carefully designed CEIC so it has something for everyone in the broader CMMC ecosystem!  Whether you are a CMMC novice looking for help getting started, a seasoned pro looking for advanced training, or a service provider who wants a sneak peek into next-generation solutions to help you more efficiently maintain CMMC-compliant environments at scale, CEIC East has something for everyone.  Join us November 21-22 to learn the latest updates on the CMMC program and much more!"

"SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign"

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about "SPECTR" malware attacks on the country's defense forces. These attacks are part of the "SickSync" espionage campaign. According to the agency, the attacks are connected to a threat actor tracked as "UAC-0020," also known as "Vermin." The threat actor is believed to be associated with security agencies of the Luhansk People's Republic (LPR). This article continues to discuss the targeting of Ukraine's defense forces by the SickSync espionage campaign involving SPECTR malware.

Submitted by grigby1 CPVI on

"Google Funds New Cybersecurity Clinics at 15 Colleges"

Google and the Consortium of Cybersecurity Clinics awarded 15 colleges, universities, and community colleges up to $1 million each to open cybersecurity clinics at campuses. Google will also provide student mentorship opportunities at the selected higher education institutions. The company's cybersecurity clinics fund aims to strengthen members of the Consortium of Cybersecurity Clinics and the cyber workforce. This article continues to discuss Google and the Consortium of Cybersecurity Clinics granting 15 universities and colleges up to $1 million each to create new clinics.

Submitted by grigby1 CPVI on

"Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default"

Microsoft has decided to disable its Windows Recall feature on Copilot+ PCs by default. The feature, considered a security and privacy risk, was turned on by default, requiring users to go through checkboxes to opt out of the software. Windows Recall uses Artificial Intelligence (AI) to create a searchable digital memory of everything a user does on their Windows computer. Security researchers found several ways malware could steal Windows Recall data, and Google Project Zero researcher James Forshaw showed that Windows Recall data is poorly protected.

Submitted by grigby1 CPVI on

"Security Flaws Found in Popular WooCommerce Plugin"

Security researchers at Patchstack have discovered multiple security vulnerabilities in the WooCommerce Amazon Affiliates (WZone) plugin.  This premium WordPress plugin, developed by AA-Team and boasting over 35,000 sales, is designed to assist site owners and bloggers in monetizing their websites via the Amazon affiliate program.  The researchers noted that the vulnerabilities identified are serious, impacting all tested versions, including version 14.0.10 and potentially those from version 14.0.20 onward.

Submitted by Adam Ekwall on

"Los Angeles Unified School District Investigates Data Theft Claims"

Los Angeles Unified School District (LAUSD) officials announced they are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers.  LAUSD is the second largest public school district in the United States, with over 25,900 teachers, roughly 48,700 other employees, and more than 563,000 students enrolled during the 2023-2024 school year.  The group claiming to have stolen data is the Vice Society ransomware group.  Vice Society is selling the allegedly stolen data for $1,000.

Submitted by Adam Ekwall on

"SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester"

SolarWinds recently announced patches for multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a penetration tester working with NATO.  Version 2024.2, the latest SolarWinds Platform iteration, includes patches for three new security defects and fixes for multiple bugs in third-party components.  The first issue, tracked as CVE-2024-28996 and reported by a NATO Communications and Information Agency pentester, is described as an SWQL injection flaw.

Submitted by Adam Ekwall on

"Ransomware Ecosystem Transformed, New Groups 'Changing the Rules'"

Experts warn that the ransomware ecosystem has changed significantly in 2024, and organizations must adapt their defenses. Bitdefender Technical Solutions Director Martin Zugec calls on the security community to forget what they know about ransomware and learn how new groups are changing the game. According to Zugec, the recent collapse of two leading Ransomware-as-a-Service (RaaS) operators, "LockBit" and "BlackCat," prompted this change. Law enforcement took down LockBit infrastructure in February 2024.

Submitted by grigby1 CPVI on

"Qilin Ransomware Group Blamed for Attack Disrupting London Hospitals"

According to former National Cyber Security Centre CEO Ciaran Martin, the "Qilin" Ransomware-as-a-Service (RaaS) group is believed to have been behind the recent cyberattack that forced multiple London hospitals to declare a state of emergency. Qilin typically targets high-value targets and launches double extortion attacks against the healthcare and education sectors. A Cyberint analysis found that the Qilin ransomware has Golang and Rust variants, with the Rust variant being more evasive, customizable, and hard to decipher.

Submitted by grigby1 CPVI on

"Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks"

Akamai warns that two Remote Code Execution (RCE) vulnerabilities in ThinkPHP that were patched five years ago are being exploited in a new wave of attacks. The bugs, publicly disclosed in late 2018 and early 2019, affect Content Management Systems (CMS) using older versions of the popular open source web application framework. A Chinese-speaking threat actor has exploited the flaws to fetch a file from a likely compromised server in China and deploy a web shell on vulnerable servers in two attack campaigns.

Submitted by grigby1 CPVI on