"Chinese Hackers Rely on Covert Proxy Networks to Evade Detection"

Mandiant has found that Chinese-backed threat actors are increasingly using Operational Relay Boxes (ORBs) in cyber espionage activities. Advanced Persistent Threat (APT) groups use this attack tactic to increase the cost of network defense and give espionage operators the advantage by evading detection and complicating attribution. Mandiant explained how Chinese nation-state groups like "Volt Typhoon" use ORB networks for cyber espionage. This article continues to discuss the use of ORBs in cyberattacks.

Submitted by grigby1 CPVI on

"GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack"

A new cryptojacking campaign uses vulnerable drivers to disable Endpoint Detection and Response (EDR) solutions and evade detection in Bring Your Own Vulnerable Driver (BYOVD) attacks. Elastic Security Labs tracks the campaign's primary payload as "GHOSTENGINE." Previous research by the cybersecurity firm Antiy Labs called the activity "HIDDEN SHOVEL." This article continues to discuss findings regarding GHOSTENGINE cryptojacking attacks.

Submitted by grigby1 CPVI on

"Chinese Hackers Hide on Military and Government Networks for 6 Years"

Since 2018, a threat actor dubbed "Unfading Sea Haze" has targeted military and government entities in the South China Sea region without detection. According to Bitdefender researchers, the threat group's intelligence collection and espionage align with Chinese geopolitical interests. Unfading Sea Haze overlaps with other clusters regarding operations, toolsets, and more. The threat actor's attacks start with spear-phishing emails containing ZIP archives with LNK files disguised as documents.

Submitted by grigby1 CPVI on

"Sounding the Alarm: UF Cybersecurity Expert Exposes Audio Deepfake"

Patrick Traynor, a University of Florida (UF) professor, and UF's Florida Institute for Cybersecurity team are researching robust ways to defend against deepfake technology. The research, funded by the National Science Foundation (NSF) and the Office of Naval Research (ONR), involves analyzing deepfake voice technology and the complex aspects of human voice and speech. This article continues to discuss the research aimed at developing robust defenses against deepfake technology.

Submitted by grigby1 CPVI on

"US to Invest $50 Million in Securing Hospitals Against Cyber Threats"

The US government's Advanced Research Projects Agency for Health (ARPA-H) has announced a $50 million cybersecurity effort to help Information Technology (IT) teams protect hospital environments from cyberattacks. ARPA-H says the large number of Internet-connected devices implemented in health facilities makes it challenging to advance cybersecurity tools, leaving hospitals and other health organizations vulnerable to disruptive cyberattacks.

Submitted by grigby1 CPVI on

"Report Reveals 341% Rise in Advanced Phishing Attacks"

Security researchers at SlashNext have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code, and attachment-based threats in the past six months. This data comes from SlashNext's mid-year "The State of Phishing 2024" report. During the study, the researchers also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the launch of ChatGPT in November 2022, there has been a 4151% surge in malicious phishing messages.

Submitted by Adam Ekwall on

"Microsoft's AI 'Recall' Feature Raises Security, Privacy Concerns"

Microsoft has revealed its Artificial Intelligence (AI)-optimized "Copilot+ PCs," which are raising concerns among experts regarding security and privacy due to a new feature called "Recall." According to Microsoft, the Recall feature will feel like having a "photographic memory" of everything a user has viewed on their PC. Recall captures "snapshots" of the user's active screen every few seconds and lets them view their activity.

Submitted by grigby1 CPVI on

"Critical Netflix Genie Bug Opens Big Data Orchestration to RCE"

A critical vulnerability in the open source version of Netflix's Genie job orchestration engine enables remote attackers to execute arbitrary code on systems running affected versions of the software. The bug has a near-maximum critical score of 9.9 out of 10 on the CVSS vulnerability severity scale. It affects organizations that run their own Genie OSS instance and upload and store user-submitted file attachments via the underlying local file system.

Submitted by grigby1 CPVI on

"UserPro Plugin Vulnerability Allows Account Takeover"

Security researchers at Patchstack recently discovered a significant security vulnerability in the UserPro plugin, a popular community and user profile tool for WordPress developed by DeluxeThemes. This plugin, used by over 20,000 sites, enables users to create customizable front-end profiles and community websites. The critical flaw is in the plugin's password reset mechanism, specifically within the userpro_process_form function, which allowed unauthenticated users to change other users' passwords under certain conditions.

Submitted by Adam Ekwall on

"New Results in AI Research: Humans Barely Able to Recognize AI-Generated Media"

A study with important takeaways for cybersecurity found that Artificial Intelligence (AI)-generated images, text, and audio files are so convincing that people can no longer distinguish them from human-generated content. AI-generated content could increase the success of malicious social engineering attacks. The next generation of phishing emails may be highly personalized for potential victims due to the availability of AI tools. The researchers believe that developing defense mechanisms for such attack scenarios is a critical task for the future.

Submitted by grigby1 CPVI on