'Commando Cat' Digs Its Claws into Exposed Docker Containers
Source: Dark Reading
For months now, cybercriminals have been taking advantage of misconfigured Docker containers to perform cryptojacking. "Commando Cat" — not the only campaign targeting Docker lately — traces back to the beginning of the year. According to the latest update from Trend Micro, the unknown attackers are still exploiting Docker misconfigurations to gain unauthorized access to containerized environments, using Docker images to deploy cryptocurrency miners and make a quick buck.
New Fog ransomware targets US education sector via breached VPNs
Source: Bleeping Computer
A new ransomware operation named 'Fog' launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S. Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data. However, BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.
Zyxel Releases Emergency Security Update for NAS Devices
Source: Data Breach Today
A networking solutions vendor fixed critical vulnerabilities in end-of-life products that allow remote code execution. Zyxel issued an emergency security update Tuesday that addresses three critical vulnerabilities affecting its older network-attached storage devices: the NAS326 and NAS542 models, which have reached end-of-life status.
Snowflake Clients Targeted With Credential Attacks
Source: Info Risk Today
Hackers are targeting clients of artificial intelligence data platform provider Snowflake that lack multifactor authentication, the company said. The Bozeman, Montana-based company told customers Friday it observed "an increase in cyber threat activity targeting some of our customers' accounts." The activity, it said, is unrelated to vulnerabilities or a misconfiguration within Snowflake.
Data Security Needs to Catch Up With Growing Threats
Source: Infosecurity Magazine
Organizations need to be aware of the threats to their mission-critical data and take urgent steps to protect their data assets, according to an expert panel at Infosecurity Europe. Businesses and public sector bodies both face growing risks from nation state actors, criminal groups and insiders. These actors are increasingly targeting enterprise data, both because of its value and because it often lacks appropriate levels of protection.