"Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns"

Mandiant researchers report a rise in attacks by the Chinese government-backed hacking group "APT41" against shipping, logistics, technology, and automotive organizations in Europe and Asia. The group is known for its dual-role operations, which include both state-sponsored espionage and financially motivated intrusions. This article continues to discuss APT41's latest attacks.

Submitted by Gregory Rigby on

"US Data Breach Victim Numbers Surge 1170% Annually"

According to security researchers at the Identity Theft Resource Center (ITRC), the number of US data breach victims in Q2 2024 increased annually by over 1000%, despite a 12% decrease in the actual number of incidents in those three months. The researchers said the Q2 increase in victim numbers was due to the impact of a small number of large breaches, and to impacted organizations such as Prudential Financial and Infosys McCamish Systems revising their victim counts from tens of thousands to millions of customers.

Submitted by Adam Ekwall on

"Nearly 13 Million Australians Affected by MediSecure Attack"

MediSecure recently announced that the personal and health data of almost 13 million Australians was impacted by the cyberattack that occurred in May 2024. The company says it has determined that 12.9 million individuals who used the MediSecure prescription delivery service between March 2019 and November 2023 have been impacted by the incident. This includes information relating to patient prescriptions. The exposed information includes full names, dates of birth, gender, email addresses, home addresses, and phone numbers.

Submitted by Adam Ekwall on

"Port Shadow Attack Allows VPN Traffic Interception, Redirection"

According to a team of researchers from Arizona State University, the University of New Mexico, the University of Michigan, and the University of Toronto's Citizen Lab, Virtual Private Networks (VPNs) are impacted by a vulnerability that can lead to Man-in-the-Middle (MitM) attacks, allowing threat actors to intercept and redirect traffic. The attack technique called "Port Shadow" builds on research first presented by Benjamin Mixon-Baca and Jedidiah R. Crandall in 2021. This article continues to discuss the Port Shadow technique.

Submitted by Gregory Rigby on

"MarineMax Notifying 123,000 of Data Breach Following Ransomware Attack"

Boat dealer MarineMax has started informing more than 123,000 individuals about a data breach resulting from a ransomware attack launched against the company earlier this year. The incident came to light in March, when the company revealed in an SEC filing that it was targeted in a cyberattack that had caused some disruption.

Submitted by Adam Ekwall on

"Rabbit R1 Hacked Using Old Vulnerability: Avoid Second-Hand Devices"

Researchers at Cybernews gained root access to the Rabbit R1 Artificial Intelligence (AI) personal assistant by exploiting a five-year-old vulnerability, cautioning consumers against purchasing a used Rabbit R1. According to the Cybernews research team, the device is vulnerable to an exploit called "Kamakiri," which has been public since January 2019 and affects several MediaTek Systems on Chip (SoCs). The Rabbit R1 runs on the MediaTek MT6765V SoC.

Submitted by Gregory Rigby on

"Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes"

A popular cybercrime tool called "AuKill" that tampers with security solutions now kills protected Windows processes used by Endpoint Detection and Response (EDR) tools. "FIN7," also known as "Carbanak," "Carbon Spider," "Cobalt Group," and "Navigator Group," developed AuKill. It is a program designed to undermine endpoint security, employing over 10 different user and kernel mode techniques. This article continues to discuss findings regarding the AuKill cybercrime tool.

Submitted by Gregory Rigby on

"Cisco SSM On-Prem Bug Lets Hackers Change Any User's Password"

Cisco has fixed a critical flaw that enables attackers to change the password of any user, including administrators, on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. The security vulnerability stems from an unverified password change flaw in SSM On-Prem's authentication system. Successful exploitation of this vulnerability lets unauthenticated, remote attackers change user passwords without knowing the original password. This article continues to discuss the potential exploitation and impact of the Cisco SSM On-Prem bug.

Submitted by Gregory Rigby on

"Sensitive Data Sharing Risks Heightened as GenAI Surges"

According to a Netskope study, 96 percent of organizations now use generative Artificial Intelligence (AI) applications, raising the risk of sharing sensitive data with these public tools. The report discovered that the sharing of proprietary source code with generative AI applications has resulted in 46 percent of all data policy violations. This article continues to discuss the use of generative AI applications by organizations, the risks posed by this use, and suggested security controls.

Submitted by Gregory Rigby on

"Most GitHub Actions Workflows Are Insecure in Some Way"

According to Legit Security, most GitHub Actions are overly privileged or have risky dependencies. The GitHub Actions marketplace's security was found to be especially poor, with most custom Actions not verified, maintained by one developer, or generating low scores based on the OpenSSF Scorecard. Insecure GitHub Actions enable attackers to compromise open source and launch supply chain attacks. They could use them as an initial attack vector into organizations that use GitHub. This article continues to discuss security-related findings regarding GitHub Actions.

Submitted by Gregory Rigby on