Today’s threat landscape is highlighted by CISA’s addition of five actively exploited vulnerabilities to its KEV catalog, demanding immediate attention from federal agencies and private organizations. Concurrently, the Akira ransomware group is escalating attacks against SonicWall VPNs, successfully bypassing MFA. Major incidents include a supply chain breach at Harrods exposing 430,000 records and the UK government’s £1.5B loan to Jaguar Land Rover following a debilitating cyberattack.
Top 5 Critical Security Alerts
- CISA Adds Five Known Exploited Vulnerabilities to Catalog: CISA has added five vulnerabilities to its KEV catalog, including flaws in Cisco IOS, Fortra GoAnywhere MFT, and Sudo, indicating active exploitation and requiring immediate patching by federal agencies. Read more
- Akira Hits SonicWall VPNs in Broad Ransomware Campaign: The Akira ransomware group is actively targeting SonicWall firewall customers by exploiting a known vulnerability to deploy their malware. Read more
- SonicWall SSL VPN Attacks Escalate, Bypassing MFA: Threat actors are escalating attacks against SonicWall SSL VPN appliances, with reports indicating that the Akira ransomware campaign is capable of bypassing multi-factor authentication for rapid deployment. Read more
- Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400): Security researchers are observing a significant increase in scanning activity for CVE-2024-3400, a critical vulnerability in Palo Alto’s Global Protect feature, as attackers seek unpatched systems. Read more
- First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package: A malicious npm package named ‘postmark-mcp’ was discovered containing the first-ever malicious Model Context Protocol (MCP) server, designed to intercept and exfiltrate sensitive emails, posing a significant supply chain risk. Read more
Threat Intelligence
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations: A new campaign is using malicious software disguised as legitimate AI productivity tools to deliver malware, targeting organizations across Europe, the Americas, and the AMEA region. Read more
- Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security: Microsoft has identified and blocked a sophisticated phishing campaign that used LLMs to generate obfuscated SVG files, enabling attackers to bypass standard email security defenses. Read more
- Ransomware gang sought BBC reporter’s help in hacking media giant: The Medusa ransomware gang reportedly attempted to recruit a BBC correspondent as an insider threat, offering a large sum of money to facilitate an attack on the media organization. Read more
- Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv: Attackers are impersonating the National Police of Ukraine in phishing attacks that use malicious SVG files to deploy the Amatera Stealer and PureMiner malware. Read more
Security Breaches & Incidents
- UK government bails out Jaguar Land Rover with £1.5B loan after hack disrupts vehicle production for weeks: Following a catastrophic cyberattack that halted production, the UK government is providing Jaguar Land Rover with a £1.5 billion loan guarantee to help restore its supply chain. Read more
- Harrods suffers new data breach exposing 430,000 customer records: The UK retailer disclosed a new data breach originating from a compromised third-party supplier, resulting in the theft of 430,000 sensitive e-commerce customer records. Read more
- Japan’s largest brewer suspends operations due to cyberattack: Asahi Group Holdings, Japan’s top beer brewer, has suspended several operations after a cyberattack disrupted its systems. Read more
- UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure: A Chinese national has been convicted in a fraud case that led to the UK’s seizure of nearly $7 billion in Bitcoin, believed to be the largest crypto seizure in the world. Read more
Security Tools & Best Practices
- Tile’s lack of encryption could make tracker owners vulnerable to stalking: Security researchers warn that Tile trackers’ lack of encryption and a static MAC address could allow malicious actors to track users without their consent, creating significant stalking risks. Read more
- Welcoming CERN to Have I Been Pwned: The European Organization for Nuclear Research (CERN), the birthplace of the World Wide Web, is now using Have I Been Pwned to monitor for compromised accounts. Read more
Cloud & Network Security
- IoT Security Flounders Amid Churning Risk: Despite increasing attacks on IoT devices, a key US government security initiative for connected devices is reportedly stalled, leaving critical infrastructure like medical and industrial equipment at risk. Read more
Security Standards & Frameworks
- CISA and UK NCSC Release Joint Guidance for Securing OT Systems: CISA and international partners have released joint guidance on creating and maintaining a definitive architectural view of Operational Technology (OT) systems to improve risk assessment and security controls. Read more
- CISA Strengthens Commitment to SLTT Governments: CISA is transitioning to a new support model for state, local, tribal, and territorial (SLTT) governments, providing direct access to grant funding, no-cost tools, and cybersecurity expertise. Read more
Emerging Security Technologies
- Abusing Notion’s AI Agent for Data Theft: Researchers have demonstrated how Notion’s new AI agents are vulnerable to prompt injection attacks, allowing for data exfiltration by hiding malicious commands in PDF files. Read more
- Can We Trust AI To Write Vulnerability Checks? Here’s What We Found: Research into using AI for writing vulnerability checks shows that while it can accelerate the process, human oversight remains critical to ensure quality and prevent errors. Read more
- SB 53, the landmark AI transparency bill, is now law in California: California has passed Senate Bill 53, requiring large AI developers to publicly disclose their safety and security frameworks and providing whistleblower protections. Read more
