"Crypto Vulnerability Allows Cloning of YubiKey Security Keys"

YubiKey security keys can be cloned through a side-channel attack that exploits a vulnerability in a third-party cryptographic library. The attack, called "Eucleak," was demonstrated by NinjaLab. Yubico, the company behind YubiKey, has released a security advisory in response to this discovery. YubiKey hardware authentication devices allow users to securely access their accounts using FIDO authentication. The Eucleak attack exploits a vulnerability in an Infineon cryptographic library used by YubiKey and by other vendors' products.

Submitted by grigby1 CPVI on

"Red Teaming Tool Abused for Malware Deployment"

Threat actors are using MacroPack, a tool designed for red team exercises, to deploy malware. Cisco Talos researchers discovered several related Microsoft documents uploaded to VirusTotal between May and July 2024. All of them were created by a version of the MacroPack payload generator framework. The documents were uploaded by a variety of actors from several countries, including China, Pakistan, Russia, and the US.

Submitted by grigby1 CPVI on

"White House Addresses BGP Vulnerabilities in New Internet Routing Security Roadmap"

The White House has released a roadmap to address Internet routing security issues, specifically Border Gateway Protocol (BGP) vulnerabilities. BGP is used to exchange routing information between Autonomous Systems (AS) on the Internet, but this critical component was not designed with security in mind. Potentially serious vulnerabilities discovered in past years can allow threat actors to redirect Internet traffic, leading to disruptions of critical infrastructure, the theft of sensitive information, and more.

Submitted by grigby1 CPVI on

"Halliburton Confirms Data Stolen in Cyberattack"

In a new update, US oil service giant Halliburton confirmed that corporate data was stolen from its computer systems during an August ransomware cyberattack. The company noted that it is evaluating the nature and scope of the information. The company's acknowledgment of data loss comes just days after the US government pinned the blame for the cyberattack on a known ransomware gang called RansomHub. Halliburton employs about 55,000 people through hundreds of subsidiaries, affiliates, and brands in more than 70 countries.

Submitted by Adam Ekwall on

"Zyxel Patches Critical Vulnerabilities in Networking Devices"

Zyxel recently announced patches for multiple vulnerabilities in its networking devices, including a critical severity flaw affecting multiple access point (AP) and security router models. The critical bug, tracked as CVE-2024-7261 (CVSS score of 9.8), is described as an OS command injection issue that could be exploited by remote, unauthenticated attackers via crafted cookies. The company has released security updates to address the bug in 28 AP products and one security router model.

Submitted by Adam Ekwall on

"Rural Hospitals May Be More Vulnerable to Ransomware Attacks"

According to a new study led by the University of Minnesota School of Public Health, although ransomware attacks are more likely in urban areas, operational disruptions may have a greater impact on financially vulnerable rural hospitals and their patients. Patients at rural hospitals are often older, with more health issues and pre-existing barriers to healthcare. Researchers analyzed operational data on 43 rural hospitals and 117 urban hospitals that were hit by ransomware attacks between 2016 and 2021.

Submitted by grigby1 CPVI on

"FBI Warns Crypto Firms of Aggressive Social Engineering Attacks"

The Federal Bureau of Investigation (FBI) warns that North Korean hacking groups are performing sophisticated social engineering attacks against cryptocurrency companies and their employees in order to deploy malware aimed at stealing cryptocurrency assets. The FBI says their social engineering tactics are targeted and hard to detect. The North Korean threat actors have been researching potential targets, with a focus on individuals linked to cryptocurrency Exchange-Traded Funds (ETFs) and other related financial products.

Submitted by grigby1 CPVI on

"Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers"

According to the annual "LexisNexis Risk Solutions Cybercrime Report," one in four password reset attempts from desktop browsers is fraudulent. These fraud attempts are part of a broader rise in password reset attacks. Researchers found that fraudsters attempt 70,000 password reset attacks per week in the UK in order to take over online accounts. Media streaming, e-commerce, and mobile accounts are the most targeted. This article continues to discuss key findings regarding password reset attacks.

Submitted by grigby1 CPVI on

"CISA Launches New Portal to Improve Cyber Reporting"

As part of its ongoing effort to improve cyber incident reporting, the US Cybersecurity and Infrastructure Security Agency (CISA) moved its cyber incident reporting form to the new CISA Services Portal. The portal lets users save and update reports, share them with colleagues or clients for third-party reporting, and search and filter reports. This article continues to discuss the new portal launched by CISA to enhance cyber reporting.

Submitted by grigby1 CPVI on

"Cicada3301 Ransomware Group Emerges From the Ashes of ALPHV"

Researchers at Truesec have discovered a new double extortion ransomware with links to the "ALPHV/BlackCat" variant and the "Brutus" botnet. The "Cicada3301" group targets VMware ESXi environments with the goal of shutting down Virtual Machines (VMs), deleting snapshots, and encrypting data. The group's first data leak site post appeared on June 25, followed four days later by an invitation on a cybercrime forum for new affiliates to join the platform. This article continues to discuss findings regarding the Cicada3301 ransomware group.

Submitted by grigby1 CPVI on