Cryptojacking attackers are targeting poorly protected PostgreSQL databases running on Linux machines. Aqua Security researchers observed the attack on a honeypot system, which began with the threat actors brute-forcing access credentials. Once access is gained, the threat actor creates a new user role with login capability and high privileges, strips the user role they compromised of superuser privileges, and more. The first payload, "PG_Core," mainly removes cron jobs for the current user and terminates processes associated with other cryptomining malware.

According to the application security company Miggo, about 15,000 apps that use Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication may be vulnerable to attacks. The attacks dubbed "ALBeast" stem from a critical configuration issue, not a vulnerability in the AWS ALB solution. AWS was informed of the possible risks in April, and since then, it has updated its documentation and added new code to help prevent ALBeast attacks. This article continues to discuss the vulnerability of thousands of apps using AWS ALB to ALBeast attacks.

"MoonPeak," a newly discovered Remote Access Trojan (RAT) family, has been linked to the North Korean threat group "UAT-5394." Cisco Talos research shows that this sophisticated malware, based on the open source "XenoRAT," is actively being developed to avoid detection and improve functionality.

Class action litigation claims administration firm Arden Claims Service recently started notifying about 139,000 individuals that their personal information was stolen during an October 2023 data breach.  The incident was discovered on October 17, when the firm noticed unusual activity in an email account.  During an investigation, the company found that  a third party “acquired certain data without authorization on or about October 3”.

According to security researchers at Malwarebytes, most ransomware attacks now occur between 1 am and 5 am to catch cybersecurity teams off guard.  To compound the challenge for network defenders, the researchers claimed it takes less time than ever to complete the entire ransomware attack chain, from initial access to encryption.  The researchers noted that it used to take weeks to work through all these steps to conduct a successful ransomware attack, but now it takes only hours.

According to security researchers at Barracuda Networks, more than a fifth (21%) of ransomware attacks targeted healthcare in the past 12 months, up from 18% in the previous year.  The researchers analyzed 200 reported ransomware incidents from August 2023 to July 2024 during the new study.  The researchers also found that local government municipalities are also a highly targeted sector, at 17%.  Ransomware incidents affecting the education sector fell from 18% in 2022-23 to 9% in 2023-24.

The Remote Authentication Dial-In User Service (RADIUS) protocol, a widely used security protocol dating back to the days of dial-up Internet, has been found to contain vulnerabilities that leave many networked devices exposed to an attack and enable an adversary to gain control of traffic on an organization's network.