NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely

Chinese national faces 20 years in US prison for laundering pig-butchering proceeds

Bitdefender releases decryptor for ShrinkLocker ransomware

China-linked group hacked Tibetan media and university sites to distribute Cobalt Strike payload

Dutch company behind Hannaford, Stop & Shop says cyber issue affecting US network

Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance

Seoul accuses pro-Kremlin hackers of attacking websites over decision to monitor North Korean troops in Ukraine

Texas-based oilfield supplier faces disruptions following ransomware attack

Outages impact Washington state courts after ‘unauthorized activity’ detected on network

Click Here Podcasts

The Record-Centered.svg

Home

Subscribe to Cyber Daily®

Jonathan Greig

NIST.jpg

James Reddick

A passport belonging to Daren Li, a dual China and St. Kitts and Nevis citizen, who is accused of laundering $73 million stolen in pig butchering scams. Source: Department of Justice

pig-butchering-case-evidence-passport.png

sheboygan.jpg

Wisconsin city of Sheboygan says ransom demanded after cyberattack

Daryna Antoniuk

large_Tibet_35e3f34ff1.webp

large_Shopping_cart_86e057a3a2.webp

large_UN_general_assembly_22ac9093bb.webp

Controversial UN cybercrime treaty clears final hurdle before full vote as US defends support

Dina Temple-Raston

large_nakasone_2_544bace883.webp

Exclusive: Nakasone on exploding pagers, life after the NSA and another possible government job

large_Reichstag_66437b5726.webp

Germany warns of potential cyber threats from Russia ahead of snap election

large_Simon_Ray_d895cc2bfc.webp

Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns

CVE-2024-40348

CVE-2024-40348 is a vulnerability in the Bazarr application that allows unauthenticated arbitrary file reading, specifically enabling attackers to attempt access to sensitive files like /etc/passwd, with various proof-of-concept (POC) tools available for exploitation.

CVE-2024-36991

Vulnerability CVE-2024-36991, classified with a CVSS score of 7.5, affects Splunk Enterprise on Windows versions prior to 9.2.2, 9.1.5, and 9.0.10, allowing attackers to perform a path traversal on the /modules/messaging/ endpoint, which could lead to the exposure of sensitive files such as /etc/passwd, as highlighted in recent advisories and discussions surrounding its exploitation potential.

CVE-2024-38112

CVE-2024-38112 is a spoofing vulnerability in Microsoft's MSHTML platform, exploited by the advanced persistent threat group Void Banshee to deploy infostealer malware, and has been actively targeted alongside other vulnerabilities such as CVE-2024-43461, which was added to CISA's Known Exploited Vulnerability catalog for being exploited in conjunction with CVE-2024-38112.

REMCOS RAT

Recent reports indicate that cybercriminals are exploiting the CVE-2017-0199 vulnerability in Microsoft Excel through phishing campaigns to distribute a fileless variant of Remcos RAT, which enables attackers to remotely control infected devices and exfiltrate sensitive information.

CVE-2024-20419

CVE-2024-20419 is a critical vulnerability in Cisco's Smart Software Manager On-Prem that allows unauthenticated remote attackers to change user passwords due to improper validation in the password change functionality, and there is a script being sold on a hacking forum that exploits this vulnerability for $50,000.

Scattered Spider

Scattered Spider, also known as UNC3944 or Octo Tempest, is a financially motivated cybercriminal group that has evolved its tactics since at least 2022, leveraging advanced social engineering techniques, including AI-driven voice phishing and collaboration with ransomware groups like RansomHub, to target organizations across various sectors such as healthcare and finance, resulting in high-profile attacks and significant data breaches.

RedGolf

APT41, a Chinese nation-state actor, has recently conducted sophisticated cyber attacks primarily targeting the gambling industry for financial gain, maintaining persistent access to compromised networks for extended periods while stealthily gathering sensitive data such as user passwords and network configurations.

BlueBravo

BlueBravo, a cyber attacker linked to Russian state-sponsored activities, has been involved in sophisticated phishing campaigns targeting government officials and organizations to gather intelligence and gain unauthorized access to sensitive information.

North Korean Hackers

North Korean hackers, particularly the BlueNoroff group and Lazarus Group, are intensifying their cyber attacks on cryptocurrency firms by deploying sophisticated malware campaigns like "Hidden Risk" that target macOS users through phishing emails and exploit vulnerabilities in popular software, while also leveraging new tactics such as embedding malware in legitimate applications to bypass security measures, resulting in significant financial theft and potential collaboration with Russian hackers amid ongoing geopolitical tensions.

Play Ransomware

Play Ransomware, which emerged in June 2022, has gained notoriety for its sophisticated attacks by exploiting unpatched vulnerabilities in applications like Fortinet SSL VPN and Microsoft Exchange, and has recently been linked to the North Korean state-sponsored group Jumpy Pisces, marking a significant collaboration between state-sponsored actors and underground ransomware networks.

NoName057(16)

NoName057(16), a pro-Russian hacktivist group, has been actively launching DDoS attacks against various targets in the UK, Ukraine, Japan, South Korea, and the Czech Republic, while claiming responsibility for hacking multiple local authorities and coordinating efforts with other cyber groups in response to geopolitical tensions.

LummaC2

LummaC2 is an evolving information-stealing malware that employs sophisticated phishing tactics, including fake CAPTCHA pages and embedded malicious code in legitimate software, to target sensitive data from compromised systems, particularly focusing on browser credentials, cryptocurrency wallets, and other personal information.

HijackLoader

Recent cybersecurity reports reveal that the HijackLoader malware, also known as Lumma Stealer, is being distributed through sophisticated campaigns that utilize stolen legitimate code-signing certificates to evade detection, with new techniques involving DLL sideloading and steganography to hide malicious payloads within image files.

BugSleep

BugSleep, a novel remote access Trojan (RAT) associated with the Iranian APT group MuddyWater, utilizes a bespoke command-and-control protocol over TCP to enable reverse shell and file I/O capabilities while employing advanced evasion techniques, including file obfuscation and encryption, to avoid detection in its ongoing malicious campaigns.

SocGholish

Recent intelligence indicates that SocGholish, a JavaScript-based downloader often disguised as legitimate browser updates, continues to be a prevalent and stealthy threat, actively targeting users through compromised websites and leveraging social engineering tactics, making it difficult for security tools to detect and block its malicious activities.

Latest Cyber Security News

Briefs

US agencies confirm Beijing-linked telecom breach involving call records of politicians, wiretaps

Top White House cyber official urges Trump to focus on ransomware, China