"Hacker Group FIN7 Is Selling EDR Evasion Tools to Other Cyber Criminals"

The Russian Advanced Persistent Threat (APT) group "FIN7" is selling "AvNeutralizer," also known as "AuKill," on Russian-speaking hacking forums. With AvNeutralizer, hackers can tamper with security solutions and launch their own attacks. According to SentinelOne, FIN7's development and commercialization of AvNeutralizer in criminal underground forums boosts the impact of the group. Since they are selling their tools, many less experienced groups can now launch highly sophisticated attacks quickly. AvNeutralizer, together with other FIN7 tools, makes the group increasingly dangerous.

Submitted by Gregory Rigby on

"Surge in Magniber Ransomware Attacks Impact Home Users Worldwide"

The "Magniber" ransomware campaign is encrypting home users' devices, demanding thousand-dollar ransom payments from victims. Magniber emerged in 2017 as a successor to the "Cerber" ransomware operation. Over the years, the threat actors have applied various methods, including using Windows zero-days, trojanized software cracks, and more to distribute Magniber and encrypt devices. The Magniber campaign mainly targets individual users who download malicious software and execute it on their home or small business systems.

Submitted by Gregory Rigby on

"OneBlood Investigates Cyber Attack, Southeastern Locations Affected"

A cyberattack on the blood bank OneBlood has impacted over 250 hospitals. While some are still able to collect, test, and distribute blood, their operations have been heavily diminished. Many patients are dependent on a supply of blood, especially in the summer months when donations tend to be lower. OneBlood has issued an urgent outreach for O+ and O- blood and platelet donations. The company is working with federal, state, and national cyber security experts to restore services.

Submitted by Gregory Rigby on

"Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware"

The Russian threat actor "Fighting Ursa," also known as "APT28," "Fancy Bear," and "Sofacy," has used car ads as a lure to distribute the "HeadLace" backdoor malware. The scheme targets Eastern European diplomats in need of personal transportation, luring them with a supposed good deal on an Audi Q7 Quattro SUV. This article continues to discuss the history of the Fighting Ursa Advanced Persistent Threat (APT) and the group's use of car ads as a lure to distribute HeadLace backdoor malware.

Submitted by Gregory Rigby on

"Researchers Uncover Flaws in Windows Smart App Control and SmartScreen"

Researchers at Elastic Security Labs have discovered design flaws in Microsoft's Windows Smart App Control and SmartScreen. The exploitation of these vulnerabilities could allow threat actors to gain initial access to target environments with minimal user interaction and no security warnings. This article continues to discuss findings regarding the design weaknesses uncovered in Microsoft's Windows Smart App Control and SmartScreen.

Submitted by Gregory Rigby on

"86% of Firms Identify Unknown Cyber-Risks as Top Concern"

Eighty-six percent of firms say unknown organizational cyber risks are a top concern, according to the "Critical Start 2024 Cyber Risk Landscape Peer Report." The report found that 66 percent of businesses have limited insight into their cyber risk profiles. Sixty-five percent of executives are concerned about cybersecurity investments and organizational risk reduction priorities not aligning. Eighty-three percent of cybersecurity professionals reported facing a cyber breach that required attention despite implementing traditional threat-based detection and response measures.

Submitted by Gregory Rigby on

"Chinese Hackers Compromised an ISP to Deliver Malicious Software Updates"

According to researchers at Volexity, the Advanced Persistent Threat (APT) group "StormBamboo" compromised an Internet Service Provider (ISP) to poison Domain Name System (DNS) queries and deliver malware to organizations. The Chinese-speaking cyber espionage threat actor, also known as "Evasive Panda" and "StormCloud," typically compromises third parties to breach targets. This article continues to discuss StormBamboo's compromise of an ISP to deliver malicious software updates.

Submitted by Gregory Rigby on

"New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous"

Researchers from the Graz University of Technology have published a paper on "SLUBStick," a new Linux kernel exploitation technique that makes heap vulnerabilities more dangerous. The team pointed out that the number of Linux kernel flaws has increased in recent years, but many have limited impact on their own. The researchers showed that SLUBStick can elevate a limited heap vulnerability to an arbitrary memory read/write primitive, enabling privilege escalation and container escapes even with modern defenses in place.

Submitted by Gregory Rigby on

"Attacks on Bytecode Interpreters Conceal Malicious Injection Activity"

According to a team of researchers from the University of Tokyo and NTT Security, attackers can conceal their malicious injection activity by inserting commands into the machine code stored in memory by the software interpreters that many programming languages use. Interpreters translate each line of human-readable software code into bytecode. The researchers successfully inserted malicious instructions into the bytecode stored in memory before execution. Since most security software does not scan bytecode, their changes went undetected.

Submitted by Gregory Rigby on

"Cloudflare Tunnels Abused for Malware Delivery"

According to Proofpoint, threat actors have been using Cloudflare Tunnels to deliver different Remote Access Trojan (RAT) families. Since February 2024, attackers have abused the TryCloudflare feature to create one-time tunnels without an account in order to distribute "AsyncRAT," "GuLoader," and other RATs. This article continues to discuss threat actors' abuse of Cloudflare's TryCloudflare feature to create one-time tunnels for the distribution of RATs.

Submitted by Gregory Rigby on