The threat actor "Stargazer Goblin" has found a new way to use GitHub to spread malware and malicious links. Instead of hosting malware on GitHub and luring users to download an infected code package by clicking on a malicious link in a phishing email, the new tactic involves tricking victims into thinking that malicious repositories are legitimate through an operation involving thousands of fake accounts.

According to security researchers at Cisco Talos, ransomware and business email compromise (BEC) attacks accounted for 60% of all incidents in the second quarter of 2024.  Technology was the most targeted sector in this period, making up 24% of incidents, a 30% rise from the previous quarter.  The researchers noted that adversaries may view technology firms as a gateway into other industries and organizations, given their role in servicing various industries, including critical infrastructure.

The Internet Systems Consortium (ISC) recently announced BIND security updates that contain patches for several remotely exploitable denial-of-service (DoS) vulnerabilities in the DNS software suite.  The ISC said that the updates resolve a total of four high-severity bugs, tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, all of which have a CVSS score of 7.5.  The first security defect would result in the server becoming unstable when receiving a flood of DNS messages over TCP.

By grigby1

By krahal

By grigby1 

The US Department of Homeland Security (DHS) has developed a four-legged robot called "NEO" to jam the wireless transmissions of smart home devices. NEO has an onboard computer and antenna array that enable law enforcement officers to launch a Denial-of-Service (DoS) attack, disabling potentially harmful Internet of Things (IoT) devices. Although NEO might not be able to impact hard-wired smart devices, it can still disable the radio frequencies most wireless IoT devices use to reduce risks for officers. This article continues to discuss the NEO robot that can create DoS events.