Major Incidents or Breaches

  • The UK train operator LNER disclosed a data breach involving a third-party supplier, resulting in the compromise of customer contact information and other data.
  • Panama’s Ministry of Economy and Finance reported a cyberattack claimed by the INC ransomware group, with indications that at least one computer was compromised.
  • Cornwell Quality Tools suffered a ransomware attack attributed to the Cactus group, impacting approximately 100,000 individuals.
  • Vyro AI experienced a data leak, attributed to poor cyber hygiene, exposing proprietary or sensitive data.
  • Apple issued warnings to customers targeted in a recent series of spyware attacks, as confirmed by the French national CERT (CERT-FR).
  • Microsoft Exchange Online experienced an outage in North America, disrupting email access for customers.
  • Meta faces whistleblower allegations of ignoring child sex abuse risks within its VR “metaverse” environment.

Newly Discovered Vulnerabilities

  • A critical use-after-free vulnerability in Google Chrome was patched, which could have allowed code execution.
  • Cisco patched high-severity vulnerabilities in IOS XR that could allow ISO image verification bypass and denial-of-service attacks.
  • A security weakness in the AI-powered Cursor code editor was disclosed, enabling silent code execution when opening malicious repositories.
  • A new Spectre-like attack, VMScape, was identified that allows a malicious VM to leak cryptographic keys from a QEMU hypervisor on AMD and Intel CPUs.
  • A critical access control vulnerability (CVE-2024-40766) in SonicWall SSLVPN devices is being actively exploited.
  • Apple CarPlay was found to have a remote code execution vulnerability, with a working exploit, that remains unpatched in most vehicles.
  • Researchers demonstrated that the ThrottleStop.sys driver can be weaponized by the Gentlemen ransomware to disable antivirus and EDR solutions.

Notable Threat Actor Activity

  • The Akira ransomware group is actively exploiting the SonicWall SSLVPN vulnerability (CVE-2024-40766) and related misconfigurations to gain initial access to targeted environments.
  • Fake browser extensions, including “Madgicx Plus” and “SocialMetrics,” are being distributed via malicious ads and websites to hijack Meta Business Accounts and steal sensitive data.
  • The Vidar infostealer has resurfaced with new evasion techniques and enhanced data exfiltration capabilities.
  • AI-backed malware, attributed to the EvilAI group, is leveraging legitimate-sounding productivity apps to deliver Trojans with advanced evasion against antivirus solutions.
  • A phishing campaign is abusing iCloud Calendar invites sent via Apple infrastructure to deliver PayPal-themed phishing messages.
  • Scam text messages impersonating the Bureau of Motor Vehicles are targeting motorists to harvest personal and banking information.
  • Romance scams continue, with a recent case involving an “astronaut-in-distress” scenario resulting in financial loss to an elderly victim.

Trends, Tools, or Tactics of Interest

  • Attackers are increasingly leveraging legitimate credentials and simple login methods rather than exploiting technical vulnerabilities, highlighting a trend of “logging in” rather than “hacking in.”
  • AI-generated deepfake scams are rising, prompting the FBI and American Bankers Association to issue joint guidance for awareness and mitigation.
  • Jailbreaking of AI models remains a challenge, with the UAE’s K2 Think AI model being compromised through its own transparency features hours after release.
  • The use of malvertising and fake browser extensions to hijack business accounts is increasing.
  • Memory Integrity Enforcement, a new security architecture in Apple’s latest iPhones, aims to mitigate memory-related vulnerabilities.
  • Google Pixel 10 devices now support the C2PA standard for verifying the authenticity and provenance of digital media.
  • Microsoft has added malicious link warnings to Teams private chats to enhance user protection.
  • Security researchers are focusing on AI pen testing, including social engineering and behavioral manipulation techniques for large language models.
  • The security of browser extensions remains a significant concern, with risks of data exfiltration and adversary-in-the-middle (AitM) attacks.
  • Overloaded SOCs are increasingly turning to AI for alert triage and automation, though concerns remain about AI introducing new risks if not properly overseen.

Regulatory or Policy Developments Affecting the Security Industry

  • U.S. Senator Ron Wyden has urged the Federal Trade Commission to investigate Microsoft for alleged “gross cybersecurity negligence” related to ransomware incidents, specifically referencing Windows security and Kerberoasting attacks.
  • The European Union imposed financial sanctions on Stark Industries Solutions Ltd., a bulletproof hosting provider, though the company continues to operate by evading these sanctions.