According to security researchers at Artic Wolf Labs, a new ransomware operation named "Fog," launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S.  The ransomware operation has not yet set up an extortion portal, and data has not been observed being stolen.  During attacks, the researchers noted that Fog's operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.

Researchers have proven the possibility of secure quantum encryption. Computer tasks such as sending private messages rely on encryption to protect user data. That encryption must withstand attacks from codebreakers with their own computers. Therefore, modern encryption methods rely on assumptions about mathematical problems that are hard for computers to solve. In the 1980s, cryptographers set mathematical foundations for this information security approach, but some researchers discovered that computational hardness was not the only way to protect secrets.

Google and Microsoft warn of increased cyber threats, especially from Russia, to the 2024 Paris Olympics. Google Cloud's Mandiant cybersecurity team warns of espionage, disruption, destruction, hacktivism, influence, and financial threats to the 2024 Paris Olympics. Olympics-related cyber threats could impact event organizers, sponsors, ticketing systems, Paris infrastructure, athletes, and spectators. Mandiant warns that Russian threat groups pose a major threat to the Olympics, while state-sponsored actors from China, Iran, and North Korea pose a moderate to low risk.

At Infosecurity Europe 2024, Veracity Trust Network CEO Nigel Bridges warned that Artificial Intelligence (AI) will likely increase the threat of malicious bots to online businesses. Veracity found that bots made up almost 50 percent of web traffic in 2022, with over 30 percent being malicious. Bots targeting financial services perform account takeover, card cracking, and content scraping. Bridges added that cybercriminals and nation-states have used AI to scale bot automation. This article continues to discuss insights regarding malicious bots.

The US Justice Department recently announced that it has filed a civil forfeiture action in an attempt to recover more than $5.3 million lost by a Massachusetts workers union in a business email compromise (BEC) scam. The union was not named but is located in Dorchester and lost the money in January 2023, when cybercriminals sent it an email that appeared to come from a trusted investment consulting firm. The scammers used a spoofed email address to trick the workers union into believing that the investment consulting firm was requesting the transfer of $6.4 million to a different

The Federal Bureau of Investigation (FBI) has over 7,000 decryption keys to help "LockBit" ransomware victims. A disruptive international law enforcement operation against LockBit earlier this year resulted in the recovery of these decryption keys. The LockBit group provides Ransomware-as-a-Service (RaaS) to a global network of affiliates, enabling criminals to launch their own cyberattacks. The operation took down LockBit's data leak website and uncovered information about the gang.

A new Linux variant of "TargetCompany" ransomware targets VMware ESXi environments with a custom shell script to deliver and execute payloads. The TargetCompany ransomware operation, also known as "Mallox," "FARGO," and "Tohnichi," emerged in June 2021, targeting organizations in Taiwan, South Korea, Thailand, and India with MySQL, Oracle, and SQL Server database attacks. Avast made a free decryption tool available for variants released up to February 2022. The gang resumed targeting vulnerable Microsoft SQL servers in September and threatened victims with data leaks.

Interpol and the FBI recently cracked down on attempts in Moldova to sabotage one of the international police agency’s key tools, the Red Notice system.  The joint sting, which also involved cooperation with French and British authorities, uncovered an international criminal organization with ties to individuals in Russia, Ukraine, and Belarus suspected of cybercrime.  Interpol noted that the suspected individuals paid intermediaries and public figures in Moldova to inform wanted criminals of their Red Notice status.

Security researchers at Symantec have started analyzing the relatively new RansomHub ransomware-as-a-service and believe it has evolved from the currently defunct Knight ransomware project.  Knight ransomware launched in late July 2023 as a re-brand of the Cyclops operation and started breaching Windows, macOS, and Linux/ESXi machines to steal data and demand a ransom.

A trio of Chinese state-aligned threat clusters under the name "Operation Crimson Palace" stole military and political secrets from a government organization in Southeast Asia. Sophos reported on Operation Crimson Palace's sophistication and coordination, involving new malware tools, over 15 Dynamic Link Library (DLL) sideloading methods, and novel evasion methods. This article continues to discuss findings regarding Operation Crimson Palace.