Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets

Dark Reading Daily [TechWeb]( Follow Dark Reading: [RSS]( August 30, 2024 LATEST SECURITY NEWS & COMMENTARY [Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets]( In a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised. [Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums]( Ransomware attacks and email-based fraud account for 80% to 90% of all claims processed by cyber insurers, but a handful of cybersecurity technologies can help prevent big damages. [Brazilian Ad Fraud Network 'Camu' Hits 2B+ Daily Bid Requests]( The global Internet helps just about everything to scale more easily, including piracy and ad fraud. [Exploited: CISA Highlights Apache OFBiz Flaw After PoC Emerges]( The vulnerability carries nearly the highest score possible on the CVSS scale, at 9.8, impacting a system used by major companies around the world. [Top Travel Sites Have Some First-Class Security Issues to Clean Up]( Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address. [How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture]( Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets]( The pivot is one of several changes the groups using the malware have used in recent attacks. [Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking]( Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks. [Manufacturing Sector Under Fire From Microsoft Credential Thieves]( The emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity. [Why LLMs Are Just the Tip of the AI Security Iceberg]( With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact. [MORE]( PRODUCTS & RELEASES [Cobalt Appoints Sonali Shah as CEO]( [SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024]( [AuthenticID Unveils Enhanced Smart ReAuth™ for Instant Biometric Reauthentication]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet]( CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware. LATEST FROM THE EDGE [News Desk 2024: Hacking Microsoft Copilot Is Scary Easy]( As enterprises in the world embrace Microsoft's AI assistant, researcher Michael Bargury warns its security is lacking. Check out his News Desk interview during Black Hat USA. LATEST FROM DR TECHNOLOGY [Check Point, Cisco Boost AI Investments With Latest Deals]( Cisco's deal to acquire Robust Intelligence will make it possible to use red team algorithms to assess risk in AI models and applications, while Check Point's acquisition of Cyberint will add threat intelligence to its SOC platform. LATEST FROM DR GLOBAL [South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel]( The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch. WEBINARS - [Harnessing the Power of Automation to Boost Enterprise Cybersecurity]( - [How to Evaluate Hybrid-Cloud Network Policies and Enhance Security]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [5 Essential Insights into Generative AI for Security Leaders]( - [The Future of Passwords and the Passwordless Evolution]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( - [Boston Beer Company Transforms OT Security & Reduces Costs]( - [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [IT Risk & Compliance Platforms: A Buyer's Guide]( [View More White Papers >>]( FEATURED REPORTS - [Threat Hunting's Evolution:From On-Premises to the Cloud]( - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125451&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.30.24&sp_cid=54907&utm_content=DR_NL_Dark%20Reading%20Daily_08.30.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#b1 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)