The Shadowserver Foundation warns that botnet attacks are exploiting a recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices. The code injection flaw can be exploited remotely without authentication. An attacker can exploit it by sending crafted HTTP POST requests to a vulnerable device for Remote Code Execution (RCE). Recently, the Shadowserver Foundation reported the first exploitation attempts by a Mirai-like botnet.

New fraud campaigns have used the "Medusa" banking Trojan, also known as "TangleBot." Cleafy researchers recently reported that this sophisticated malware family, first discovered in 2020, has returned with significant changes. This Remote Access Trojan (RAT) malware can perform keylogging, screen control, and SMS reading/writing, allowing threat actors to commit on-device fraud (ODF). This article continues to discuss findings regarding the new Medusa Trojan variant.

The "Thales 2024 Cloud Security Study" found that 44 percent of organizations have had a cloud data breach, with 14 percent having experienced one in the past 12 months. Human error and misconfiguration were the leading causes of cloud breaches, accounting for 31 percent of cases. This article continues to discuss key findings from the Thales 2024 Cloud Security Study.

Infosecurity Magazine reports "Cloud Breaches Impact Nearly Half of Organizations"

Researchers at Google's Project Zero introduced "Naptime," a framework to allow Large Language Models (LLMs) to perform vulnerability research. Naptime, launched in mid-2023, seeks to improve vulnerability discovery approaches, focusing on automating variant analysis. The Naptime framework lets LLMs conduct vulnerability research like human security experts, mimicking the iterative and hypothesis-driven approach.

Researcher Harish Santhanalakshmi Ganesan demonstrated the delivery of malware to Meta's Quest 3 headset. He took on claims that it is almost impossible to install malware on Quest 3 VR, and did it without enabling developer mode. Googling led him to a method to install "CovidLock" ransomware on his headset. The ransomware targets Android devices, pretending to be a COVID-19 tracker app and gaining additional permissions to the point where it can lock users out and display a ransom note.

Indonesia’s national data center has recently been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.  Samuel Abrijani Pangerapan, the director general of informatics applications with the Communications and Informatics Ministry, said that the cyberattack has disrupted the services of more than 200 government agencies at both the national and regional levels since June 20.

High-end department store Neiman Marcus recently disclosed a data breach shortly before a hacker offered to sell information belonging to the company's customers.  The company said a database platform storing personal information was compromised between April and May 2024.  The data breach was detected in May. The company noted that an investigation showed that the hacker had gained access to information such as names, contact data, dates of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers.

Google recently announced a new Chrome security update that addresses four high-severity memory safety vulnerabilities reported by external researchers.  Google noted that the four issues tracked as CVE-2024-6290 to CVE-2024-6293 are use-after-free bugs impacting the Dawn and Swiftshader components of the popular browser.  The latest Chrome iteration is now rolling out to users as version 126.0.6478.126 for Linux and as versions 126.0.6478.126/127 for Windows and macOS.