News – April 2024


  • Polish minister says government used spyware against hundreds of people

    April 25, 2024

    The use of spyware in Poland under the previous government resulted in accusations that the authorities were abusing power and eroding democratic guardrails. Poland’s prosecutor general said on Wednesday that Pegasus spyware was used against hundreds of people during the former Polish government. Adam Bodnar told lawmakers that he found the scale of the surveillance to ...

  • Universities Boost Spending to Curb Cyber Attacks

    April 25, 2024

    Higher education institutions have increased their cybersecurity budgets as more universities fall prey to cyber attacks, Moody’s Investor Service says in a report. The bond ratings agency reports that higher education institutions allocating a portion of their budget to cybersecurity increased more than 70 percent from 2019 to 2023. Despite the new spending jump, universities still ...

  • Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes

    April 25, 2024

    A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments. A Cisco spokesperson declined to comment on which country the snooping crew – tracked as ...

  • Almost every Chinese keyboard app has a security flaw that reveals what users type

    April 24, 2024

    Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state ...

  • Spain reopens Israeli spyware probe, sharing information with France

    April 23, 2024

    Spain’s High Court on Tuesday reopened an investigation into the use of Israeli cyber-intelligence firm NSO Group’s Pegasus software to spy on Prime Minister Pedro Sanchez and other Spanish politicians. The investigators will share information with France, where politicians and other figures were also targeted. The probe aims to find out who was behind the snooping. ...

  • United Nations investigating potential ransomware attack after data ripped from IT systems

    April 23, 2024

    Hackers managed to break into the United Nations Development Programme (UNDP) IT systems in Copenhagen, stealing a wide range of sensitive data. Ransomware gang 8Base has claimed responsibility, posting on its own website that the group had managed to get its hands on employment contracts, personal data, invoices and much more. Source: MSN News

  • Are We Ready for a Cyber Attack on Food and Farming?

    April 23, 2024

    Federal officials and lawmakers are preparing to defend against cyber attacks that would leave residents without reliable access to food by targeting the food and agriculture sectors. The latest preparation effort is Cyber Storm — a massive, multiday tabletop exercise involving state, local, tribal, territorial, federal and private-sector organizations — and it probed how well participants ...

  • Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

    April 22, 2024

    Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as ...

  • Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

    April 22, 2024

    This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made. Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful ...

  • Androxgh0st malware ramps up global attacks

    April 22, 2024

    More than 600 servers worldwide have been subjected to recent attacks with the Androxgh0st malware, reports Hackread. The U.S., India, and Taiwan accounted for the bulk of the impacted servers, which were compromised by Androxgh0st malware operators through web shells deployed via the exploitation of several security vulnerabilities, including CVE-2019-2725, CVE-2021-3129, and CVE-2024-1709, a report from ...