According to Cisco Talos, "BlackByte" ransomware attackers have exploited a recently patched VMware ESXi hypervisor flaw while also abusing different vulnerable drivers to disable security. The group is changing tactics by exploiting a VMware ESXi authentication bypass vulnerability, which other ransomware groups have also weaponized. This article continues to discuss the BlackByte ransomware group's exploitation of an authentication bypass vulnerability in VMware ESXi.

ESET discovered a cyber espionage campaign, traced to the Seoul-aligned APT-C-60 group, that exploited a novel Remote Code Execution (RCE) vulnerability in WPS Office for Windows to launch a custom backdoor. The APT used the "SpyGlace" backdoor against victims in East Asia. This article continues to discuss the new APT-C-60 group's campaign involving the exploitation of an RCE vulnerability in WPS Office for Windows.

Infosecurity Magazine reports "South Korean Spies Exploit WPS Office Zero-Day"

Threat actors have been delivering malware to users of instant messaging apps. They have used a malicious Pidgin plugin and an unofficial fork of the Signal app. On August 22, the Pidgin messaging app's developers informed users that they had discovered a malicious plugin called "ScreenShare-OTR (ss-otr)" on the official third-party plugins list. The plugin was found to include keylogging code. It also sent screenshots to its operators. This article continues to discuss findings regarding threat actors' delivery of malware through instant messaging apps.

DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, recently announced that confidential information was exposed in a cyberattack detected last Wednesday.  The company has hired outside cybersecurity experts to help contain the security breach and assess the cyberattack's impact.  The company said that on August 21, 2024, they discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information.

According to security researchers at Defiant, a critical vulnerability in the WPML multilingual plugin for WordPress could expose over one million websites to remote code execution (RCE).  Tracked as CVE-2024-6386 (CVSS score of 9.9), the bug could be exploited by an attacker with contributor-level permissions.  The researchers noted that WPML relies on Twig templates for shortcode content rendering but does not properly sanitize input, which results in a server-side template injection (SSTI).

By aekwall 

Software solutions provider Young Consulting recently notified over 950,000 individuals that their personal information was compromised in a data breach earlier this year.  The incident was discovered on April 13, when the company "became aware of technical difficulties" within its environment.

The US Department of State recently announced a $2.5 million reward for information leading to the arrest of a Belarusian national allegedly involved in the mass distribution of malware.  Volodymyr Kadariya, 38, a Belarussian and Ukrainian national, reportedly participated in a “significant malware organization” that distributed the Angler Exploit Kit and other malware to the computers of millions of victims.

In a study titled "Towards Antifragility of Cloud Systems: An Adaptive Chaos Driven Framework," researchers used different strategies to show how stress can bolster the security of cloud computing systems. They applied "chaos engineering" and adaptive strategies to help the cloud computing system learn from faults and cyberattacks. This article continues to discuss the use of chaos engineering to decrease the vulnerability of cloud computing to cyberattacks.

Lumen Technologies found the Chinese Advanced Persistent Threat (APT) group "Volt Typhoon" exploiting a new zero-day in Versa Director servers to steal credentials and break into downstream customers' networks. The vulnerability was recently added to the US Cybersecurity and Infrastructure Security Agency's (CISA) must-patch list after Versa Networks confirmed the zero-day exploitation, warning that the Versa Director Graphical User Interface (GUI) could be hacked to plant malware on affected devices.