Security News

Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin
2024-07-16 18:05

The Scattered Spider cybercrime group is now using RansomHub and Qilin ransomware variants in its attacks, illustrating a possible power shift among hacking groups. Scattered Spider - which hit Las Vegas casinos last year among many other victims, and is tracked as Octo Tempest by Microsoft, or the gazillion other aliases it has depending on who's doing the talking - accounts for "a significant bulk of investigations."

Email addresses of 15 million Trello users leaked on hacking forum
2024-07-16 17:57

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Emo created a list of 500 million email addresses and fed it into the API to determine if they were linked to a Trello account.

Microsoft announces new Windows 'checkpoint' cumulative updates
2024-07-16 16:18

Microsoft will introduce checkpoint cumulative updates starting in late 2024 for devices running Windows Server 2025 and Windows 11, version 24H2 or later. This new type of update will deliver security fixes and new features via smaller, incremental differentials that include only changes added since the previous checkpoint cumulative update.

Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More
2024-07-16 16:05

Apple is expected to release iOS 18 to the general public in Fall 2024.

Rite Aid says June data breach impacts 2.2 million people
2024-07-16 14:54

In data breach notification letters filed with the Office of Maine's Attorney General, Rite Aid said it detected the incident on June 6, 12 hours after the attackers breached its network using an employee's credentials. Just as it told BleepingComputer when it first confirmed the data breach on Friday, Rite Aid added that the customers' Social Security numbers, financial information, or health information were not exposed in the incident.

Don’t be complacent on cybersecurity resilience
2024-07-16 14:21

Knowing what threats are out there and having a good idea of your infrastructure vulnerabilities is half the battle, which is what makes the 2024 Cisco Cybersecurity Readiness Index report so valuable. Based on a survey of over 8,000 business and cybersecurity leaders spanning 30 global markets, it rates readiness to meet those threats according to five criteria - Identify Intelligence; Network Resilience; Machine Trustworthiness; Cloud Reinforcement; and Artificial Intelligence Fortification.

Microsoft links Scattered Spider hackers to Qilin ransomware attacks
2024-07-16 13:40

Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. "In the second quarter of 2024, financially motivated threat actor Octo Tempest, our most closely tracked ransomware threat actor, added RansomHub and Qilin to its ransomware payloads in campaigns," Microsoft said Monday.

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
2024-07-16 13:36

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro's Zero Day Initiative have shared. As previously explained by Check Point researcher Haifei Li, the attackers used files that were specially crafted to exploit the vulnerability but were made to look like PDFs. "The threat actor leveraged CVE-2024-38112 to execute malicious code by abusing the MHTML protocol handler and x-usc directives through internet shortcut files. Using this technique, the threat actor was able to access and run files directly through the disabled Internet Explorer instance on Windows machines," Trend Micro researchers noted.

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
2024-07-16 13:00

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. "Konfety represents a new form of fraud and obfuscation, in which threat actors operate 'evil twin' versions of 'decoy twin' apps available on major marketplaces," HUMAN's Satori Threat Intelligence Team said in a technical report shared with The Hacker News.

Microsoft finally fixes Outlook alerts bug caused by December updates
2024-07-16 12:17

Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. The company acknowledged the bug in early February after many Microsoft 365 users reported seeing unexpected warnings that "This location may be unsafe" and "Microsoft Office has identified a potential security concern" when double-clicking ICS calendar files.