Black Basta has collected over $100 million in ransom payments from over 90 victims since April 2022. High-profile victims targeted by Black Basta include the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, and Rheinmetall.
Vigil focuses on identifying prompt injections, jailbreaks, and other potential vulnerabilities. Its creator, Adam M. Swanda, developed the tool to improve security practices around LLM applications.
The campaign involves the use of Windows Shortcut files embedded with malicious JavaScript to deliver the components of the trojan, and, based on the samples, there are indications that a Chinese-speaking threat actor is behind the attacks.
The vulnerability arises from the failure to safely sanitize user-supplied extensible stylesheet language transformations (XSLT), enabling attackers to upload malicious XSLT and gain remote access to Splunk Enterprise instances.
The two actively exploited security flaws, CVE-2023-42916 and CVE-2023-42917, were found in the WebKit web browser engine and could leak sensitive information or allow arbitrary code execution.
North Texas Municipal Water District (NTMWD) has experienced a cyberattack on its business computer network, but its core water, wastewater, and solid waste services remain unaffected.
Additionally, there are unconfirmed reports that Staples employees have been instructed to avoid logging into Microsoft 365 using single sign-on (SSO) and that call center employees have been sent home for two consecutive days.
Threat actors dabble in obfuscation and evasion techniques. However, as previously detailed by Confiant, they are using much more advanced tricks. Their JavaScript uses obfuscation with changing variable names, making identification harder.
As per DataDome’s report shared with Hackread.com ahead of publication on Tuesday, 72.3% of e-commerce websites and 65.2% of classified ad websites failed the bot tests, whereas 85% of DataDome’s fake Chrome bots remained undetected.
Cybersecurity analysts identified that the attacker, posing as a financial services company in this campaign, tricks the target with a fake invoice email. The attacker dodges detection using a fake page and a real link.