The Voltzite threat, a subset of China’s Volt Typhoon APT, has been actively targeting US electric companies and African electric transmission and distribution organizations, with the intent to compromise physical industrial control systems.
Organizations based in the EU are being targeted by spear phishing campaigns leveraging EU political and diplomatic events, according to the bloc’s Computer Emergency Response Team (CERT-EU).
The Washington County Board of Commissioners voted to pay a $350,000 ransom to Russian cybercriminals after a cyberattack shut down county services. The decision was made in an emergency meeting due to the deadline set by the hackers.
The settlement includes options for affected individuals such as identity theft monitoring, reimbursement for losses, or a flat fee cash payment, with attorneys seeking about one-third of the settlement fund in fees.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft Windows vulnerabilities to its list of Known Exploited Vulnerabilities. These flaws, CVE-2024-21412 and CVE-2024-21351, are actively being exploited in the wild.
Vyacheslav Igorevich Penchukov, a Ukrainian cybercriminal, pleaded guilty to leading the Zeus and IcedID malware groups, involved in stealing millions of dollars and attacking a major hospital with ransomware.
Russia continues to target Ukraine with cyber operations and espionage to gain an edge in the ongoing ground campaign, focusing on supply chain disruption and information gathering.
The FTC has finalized a new rule to combat AI-driven impersonation fraud targeting government and businesses. The rule allows it to take legal action to recover proceeds from scams and is now being considered for extension to protect individuals.
The company emphasized the need to shift from AI being an assistive technology to becoming an autonomous one, and highlighted the importance of controlling access to incident data for training AI systems.
Multiple security flaws, including actively exploited vulnerabilities and weaknesses in the Integrity Checker Tool, have been discovered, highlighting the need for enhanced visibility and validation of digital supply chains in enterprise products.