A new decade of cyber warfare has begun, with nation-states, organized crime groups, and individual hackers continually adapting their tactics to evade detection and achieve their objectives. Researchers have discovered a zero-click Facebook account takeover, while a new SPIKEDWINE APT group is targeting officials in Europe.
In the realm of cybersecurity, a new decade has dawned, bringing with it an unprecedented array of threats, exploits, and countermeasures. The landscape is constantly shifting, with nation-states, organized crime groups, and individual hackers continually adapting their tactics to evade detection and achieve their objectives.
A glance at the latest security newsletter reveals a plethora of concerns that highlight the evolving nature of this war. Researchers have discovered a zero-click Facebook account takeover, while a new SPIKEDWINE APT group is targeting officials in Europe. The LockBit gang appears to be resuming its operations, exploiting recent ConnectWise ScreenConnect bugs to gain unauthorized access.
Meanwhile, Lazarus APT has exploited a zero-day in a Windows driver to gain kernel privileges, while pharmaceutical giant Cencora has disclosed a data breach that has raised concerns about the security of sensitive information. The FBI, CISA, and HHS have warned of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector.
Russia-linked APT28 has compromised Ubiquiti EdgeRouters to facilitate cyber operations, while the Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs. An XSS flaw in the LiteSpeed Cache plugin puts millions of WordPress sites at risk.
The US government offers a reward of up to $15M for information on LockBit gang members and affiliates, while the new Redis miner Migo uses novel system weakening techniques. Critical flaws have been found in the deprecated VMware EAP, prompting users to uninstall it immediately.
Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers, while ConnectWise fixed critical flaws in its ScreenConnect remote access tool. Operation Cronos disrupted the LockBit operation, with the Cactus ransomware gang claiming the theft of 1.5TB of data from energy management and industrial automation firm Schneider Electric.
Operation Cronos: law enforcement disrupted the LockBit operation, while a Ukrainian Raccoon Infostealer operator is awaiting trial in the US. Russia-linked APT TAG-70 targets European government and military mail servers by exploiting a Roundcube XSS flaw.
How BRICS Got "Rug Pulled": Cryptocurrency Counterfeiting is on the Rise. Swiss Air Force sensitive files were stolen in the hack of Ultra Intelligence & Communications. The DoJ charged 19 individuals in a transnational cybercrime investigation into the xDedic Marketplace.
The source code of Zeppelin Ransomware was sold on a hacking forum, while Ivanov APT used the new TinyTurla-NG backdoor to spy on Polish NGOs. The US government dismantled the Moobot botnet controlled by Russia-linked APT28.
A cyberattack halted operations at Varta production plants, while North Korea-linked actors breached the emails of a Presidential Office member. CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog, as nation-state actors are using AI services and LLMs for cyberattacks.
The Ubuntu 'command-not-found' utility can be abused to install malicious packages, while Zoom fixed critical flaw CVE-2024-24691 in its Windows software. Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader, while Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days.
A ransomware attack took 100 Romanian hospitals down, while Bank of America customer data was compromised after a data breach at a third-party services provider. Ransomfeed - Third Quarter Report 2023 is out!
Global malicious activity targeting elections is skyrocketing, while researchers released a free decryption tool for the Rhysida ransomware. Residential Proxies vs. Datacenter Proxies: Choosing the Right Option.
CISA adds a Roundcube Webmail persistent XSS bug to its Known Exploited Vulnerabilities catalog, as the Canadian government plans to ban the Flipper Zero to curb car thefts. 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data.
US Feds arrested two men involved in the Warzone RAT operation, while Raspberry Robin was spotted using two new 1-day LPE exploits. GitHub rotated credentials after the discovery of a vulnerability.
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation, as Citrix warns admins to immediately patch NetScaler for actively exploited zero-days. Google fixed the first actively exploited Chrome zero-day of 2024, while Atlassian fixed critical RCE in older Confluence versions.
VMware fixed a critical flaw in Aria Automation, prompting users to patch it now! Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws and a vulnerability affecting Bosch BCC100 Thermostat.
Over 178,000 SonicWall next-generation firewalls (NGFW) exposed online are open to hacking, while a Phemedrone info stealer campaign exploits a Windows SmartScreen bypass. Balada Injector continues to infect thousands of WordPress sites.
Attackers target Apache Hadoop and Flink to deliver cryptominers, as Apple fixed a bug in Magic Keyboard that allows monitoring of Bluetooth traffic. Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION.
Juniper Networks fixed a critical RCE bug in its firewalls and switches, while vast voter data leaks cast a shadow over Indonesia's 2024 presidential election. Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467.
Team Liquid’s wiki leak exposes 118K users, as CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog. Two zero-day bugs in Ivanti Connect Secure actively exploited.
The X account of leading cybersecurity firm Mandiant was hacked because it was not adequately protected, while Cisco fixed critical Unity Connection vulnerability CVE-2024-20272.
ShinyHunters member sentenced to three years in prison, as HMG Healthcare disclosed a data breach. Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval.
Decryptor for Tortilla variant of Babuk ransomware released, while Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws. CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog, as Syrian group Anonymous Arabic distributes stealthy malware Silver RAT.
Long-existing Bandook RAT targets Windows machines.
A cyberattack hit the Beirut International Airport, while Iranian crypto exchange Bit24.cash leaks user passports and IDs. Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION.
Turkish Sea Turtle APT targets Dutch IT and telecom firms, as experts spotted a new macOS backdoor named SpectralBlur linked to North Korea.
Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages. Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months.
Ivanti fixed a critical EPM flaw that can result in remote code execution, as the MyEstatePoint Property Search Android app leaks user passwords. A hacker hijacked the Orange Spain RIPE account, causing an internet outage for the company's customers.
The HealthEC data breach impacted more than 4.5 million people, while experts found 3 malicious packages hiding crypto miners in the PyPI repository. Crooks hacked the Mandiant X account to push a cryptocurrency scam.
Cybercriminals implemented artificial intelligence (AI) for invoice fraud, as CISA adds Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog.
Don’t trust links with known domains: BMW was affected by a redirect vulnerability, while hackers stole more than $81 million worth of crypto assets from Orbit Chain.
Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv. The Cyber Wars are far from over, and the stakes have never been higher.