Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms

Source: The Hacker News

The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals.

Link to article 

Insurance Sector Should Be on the Lookout for ‘Scattered Spider’ Hackers

Source: Insurance Journal

Watch out, insurance industry. A well-known cybercrime group appears to have shifted focus to insurers. Apparently, recent cybersecurity incidents at Erie Insurance, Philadelphia Insurance Cos., and most recently Aflac are indicative of a trend. The largely decentralized hacking group known as Scattered Spider have pivoted from retailers to insurance companies, according to Google Threat Intelligence Group.

Link to article

LLMs Tricked by 'Echo Chamber' Attack in Jailbreak Tactic

Source: Info Risk Today

A series of well-timed nudges are enough to derail a large language model and use it for nefarious purposes, researchers have found. A proof-of-concept attack detailed by Neural Trust shows how bad actors can steer LLMs into producing prohibited content, without issuing an explicitly harmful request.

Link to article

Attackers Wield Signed ConnectWise Installers as Malware

Source: Data Breach Today

Researchers are tracking a rise in online attacks involving legitimate ConnectWise software that's been turned into malware, and sometimes disguised as AI image converters or PDF files.

Link to article

Hype Alert: 'The Largest Data Breach in History' That Wasn't

Source: Data Breach Today

Beware of claims of "colossal" collections of leaked online credentials, for therein almost always lies a heavy dose of exaggeration - as in this week's news of archives comprising 16 billion stolen login credentials have circulated on the cybercrime underground.

Link to article