Cybercriminals are distributing a malware cocktail via cracked versions of Microsoft Office advertised on torrent websites. Malware delivered to users includes Remote Access Trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-virus software. The AhnLab Security Intelligence Center (ASEC) identified the campaign, warning against downloading pirated software. The researchers discovered that the attackers use a variety of lures, including Microsoft Office, Windows, and the Hangul Word Processor.

The National Institute of Standards and Technology (NIST) will receive outside help to get the National Vulnerability Database (NVD) back on track. In February, the organization informed the cybersecurity community to expect delays in the analysis of Common Vulnerabilities and Exposures (CVE) identifiers in the NVD, as it was forming a consortium to improve the program. In an April update, NIST blamed an increase in vulnerabilities and "change in interagency support" for the NVD's growing backlog of vulnerabilities that needed analysis.

"APT28," a Russian GRU-backed threat actor, has been targeting networks across Europe with "HeadLace" malware and credential harvesting websites. The Advanced Persistent Threat (APT) group uses Legitimate Internet Services (LIS) and Living Off-the-Land Binaries (LOLBins) to hide their operations in network traffic. This article continues to discuss APT28's targeting of Europe with HeadLace malware and credential harvesting.

Security researchers at Proton have recently discovered email addresses and other information of hundreds of British, French, and European Parliament politicians on dark web marketplaces.

​A threat actor known as ShinyHunters recently announced that it is selling what it claims is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000.  The allegedly stolen databases, which were first put up for sale on the Russian hacking forum Exploit, supposedly contain 1.3TB of data and the customers' full details (i.e., names, home and email addresses, and phone numbers), as well as ticket sales, order, and event information.

Europol and German law enforcement have recently revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation.  Europol said that Operation Endgame led to the seizure of 100 servers used in multiple malware operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.  The law enforcement crackdown also involved four arrests, one in Armenia and three in Ukraine.

According to security researchers at Lumen Technologies, more than 600,000 small office/home office (SOHO) routers belonging to the same ISP were rendered inoperable in a single destructive event.  The researchers noted that the impacted router models, from ActionTec and Sagemcom, were confined to the ISP’s autonomous system number (ASN), and were likely infected with Chalubo, a remote access trojan (RAT) that ensnares devices into a botnet.

The US Department of Justice (DoJ) dismantled what is considered the world's largest botnet ever. It included 19 million infected devices leased to other threat actors for committing various malicious activities. The "911 S5 botnet" served as a residential proxy service, with a global footprint spanning over 190 countries. According to the DoJ, the botnet was used for cyberattacks, financial fraud, identity theft, and more. This article continues to discuss the dismantlement of the 911 S5 botnet. 

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar," which describes the infrastructure, tools, data, and methods of this Zero Trust (ZT) framework pillar. Organizations are encouraged to follow the report's advice to mitigate risks and quickly identify, detect, and respond to cyber threats. Recommended actions include logging all relevant activity, centralizing security information and event management, regularly using security and risk analytics, and more.