Cryptocurrency investigators at Elliptic have claimed a popular online marketplace in Southeast Asia is actually being used primarily by money launderers and fraudsters.  The investigators claimed that Huione Guarantee is part of Cambodian conglomerate Huione Group, which is owned by the cousin of current prime minister Hun Manet.  Merchants on the marketplace, launched in 2021 apparently as a place to trace legitimate goods like property and cars, have pulled in at least $11bn over the past three years.

VMWare recently pushed out patches for a high-risk SQL injection vulnerability in its Aria Automation product and warned that an authenticated malicious user could target the flaw to manipulate databases.  The company noted that the vulnerability tracked as CVE-2024-22280 allows for unauthorized read and write operations in the database through specially crafted SQL queries.  The bug carries a CVSS severity score of 8.5/10.  The affected products include VMware Aria Automation version 8.x and VMware Cloud Foundation versions 5.x and 4.x.

The National Security Agency (NSA) joins the Australian Signals Directorate (ASD) and other agencies in publishing a Cybersecurity Advisory (CSA) titled "PRC MSS Tradecraft in Action." It delves into the tradecraft of a cyber actor group associated with the People's Republic of China (PRC) Ministry of State Security (MSS). The CSA aims to help cybersecurity professionals prevent, identify, and remediate network intrusions by sharing case studies of the adversary's tactics and techniques. This article continues to discuss the CSA on "PRC MSS Tradecraft in Action."

Cisco Talos reports that ransomware attackers are increasingly focusing on defense evasion to boost dwell time in victim networks. This is due to the double-extortion ransomware model, in which attackers steal sensitive data and threaten to publish it online while locking down victims' systems. According to researchers, ransomware threat actors seek persistent access to gain insight into the target network's structure, find resources to support their attack, and identify valuable data. A new Cisco Talos report delves into 14 of the most active ransomware groups between 2023 and 2024.

Cloud computing and virtualization software vendor Citrix recently released patches to fix multiple security vulnerabilities, including critical and high-severity issues, in its flagship NetScaler product line.  The company noted that the most severe of these issues is CVE-2024-6235, an improper authorization bug that could allow attackers to access sensitive information.  Citrix also fixed CVE-2024-6236, a buffer overflow bug in NetScaler Console, Agent, and SVM products that could be exploited to cause a denial-of-service (DoS) condition.

Alexander Sherbrooke, a first-year computer science and engineering student at UC Santa Cruz, explored the security of an Internet-connected laundry machine. With his computer, he was able to use the machine's public-facing Application Programming Interface (API) to run a script that told the laundry machine to start a load without paying the $1 fee. He informed Slug Security, a hacking and cybersecurity club for students, about the laundry machine's interface vulnerability.

Researchers have found that clickable website links often lead to malicious destinations. Millions of "hijackable hyperlinks" have been found across the web, including on trusted websites. At the 2024 Web Conference, their paper showed that web cybersecurity threats can be exploited much more widely than previously thought. They found hijackable hyperlinks on websites belonging to large organizations, religious organizations, financial companies, and governments. These websites' hyperlinks can be hijacked without warning.

The critical "BlastRADIUS" vulnerability in the RADIUS protocol exposes most networking equipment to Man-in-the-Middle (MitM) attacks. The vulnerability is hard to exploit, but an exploit could have serious consequences. BlastRADIUS lets attackers exploit certain RADIUS packets. The RADIUS protocol enables certain Access-Request messages to have no integrity or authentication checks. Therefore, an attacker can modify these packets without being detected. They could force any user to authenticate and give authorization to that user.

According to the antivirus provider Avast, law enforcement organizations have been sharing decryptor keys with victims of the "DoNex" ransomware since March 2024. The Avast Threat Research Team recently noted that it had silently distributed the decryptor to DoNex ransomware victims after discovering a flaw in the cryptographic schema of the malware and predecessors. This article continues to discuss the DoNex ransomware and the release a decryptor to victims of this ransomware.

Researchers have found that attackers can perform cryptocurrency mining using improperly configured Jenkins Script Console instances. Trend Micro warned that improperly set up authentication mechanisms expose the '/script' endpoint to attackers, making Remote Code Execution (RCE) possible. Jenkins is a widely used Continuous Integration and Continuous Delivery (CI/CD) platform with a Groovy script console that enables users to run arbitrary Groovy scripts in the Jenkins controller runtime.