Major Incidents and Attacks:

  • Attackers are distributing a miner and the ClipBanker Trojan via SourceForge, using unconventional persistence techniques.
  • Researchers discovered a surge in SMS phishing (smishing) attacks driven by a phishing-as-a-service (PhaaS) platform named ‘Lucid.’

Newly Discovered Vulnerabilities:

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw impacting CrushFTP to its Known Exploited Vulnerabilities (KEV) catalog.
  • Google released patches for 62 vulnerabilities, including two actively exploited zero-days in Android devices.

Impacts on the Cybersecurity Industry:

  • The dark web leak site of the Everest ransomware gang was hacked and is now offline, affecting the ransomware group’s operations.
  • Nine malicious VSCode extensions on Microsoft’s Visual Studio Code Marketplace were found infecting users with cryptominers.
  • WK Kellogg Co disclosed a data breach linked to Clop ransomware attacks, warning employees and vendors about stolen company data.

Regulatory and Policy Developments:

  • NIST is implementing a ‘Deferred’ status for dated vulnerabilities to prioritize CVEs in the National Vulnerability Database (NVD).
  • EU officials are preparing to ’ease the burden’ of the GDPR data privacy law for small and medium businesses while ensuring data privacy rules still function effectively.

Notable Incidents in Aviation Sector:

  • The Computer Emergency Response Team of Ukraine (CERT-UA) revealed cyber attacks targeting Ukrainian institutions with information-stealing malware, impacting military entities.

Overall, the cybersecurity landscape is witnessing a rise in sophisticated attacks, exploitation of vulnerabilities, and regulatory efforts to enhance security standards, with specific incidents targeting various sectors like gaming, ransomware, and phishing-as-a-service platforms.