North Korean Cyber Attacks Target Military Secrets, US and Allies Confirm

 

Title: North Korean Hackers' Global Cyberespionage Campaign and the Indictment of Rim Jong Hyok

In a significant revelation, North Korean hackers have been found to be waging a global cyberespionage campaign aimed at stealing classified military secrets to support Pyongyang's banned nuclear weapons program. This alarming development was unveiled in a joint advisory issued by the United States, Britain, and South Korea. The advisory, co-authored by the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and South Korea's National Intelligence Service (NIS), highlights the extensive reach and sophisticated tactics of North Korean cyber actors.

Critical Google Chrome Security Notice: 3 Billion at Risk

 

Google Chrome Security Update: What You Need to Know

Amidst a Flurry of Security and Privacy Alerts

In recent weeks, Google users have been inundated with a plethora of security and privacy updates. From critical changes in Gmail's security measures to the Play Store's new protections against rogue apps, staying on top of these updates can be daunting. However, a recent announcement by Google on Tuesday, July 23, is particularly crucial for Chrome users across all platforms except iOS.

Zero-Day Exploit in Telegram: A Gateway for Cybercriminals to Spread Malware

 

Exploiting the Invisible: How a Telegram Zero-Day Vulnerability Delivered Malware Disguised as Videos

Introduction

Cybersecurity firm ESET has discovered that threat actors exploited a vulnerability in Telegram for Android to distribute malicious files disguised as videos. This zero-day exploit, named "EvilVideo," allowed attackers to abuse Telegram's API to deliver malware through crafted multimedia files shared in channels, groups, and chats.

FrostyGoop: Emerging ICS Malware Poses Threat to Critical Infrastructure

 

FrostyGoop: ICS Malware Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January.

Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP communications to sabotage operational technology (OT) networks. It was discovered by the company in April 2024.

Alert: Splunk Enterprise Vulnerability Poses Significant Security Threat

 

SonicWall Warns of Increased Severity in Recently Patched Splunk Enterprise Vulnerability

A recent advisory from SonicWall has highlighted that a vulnerability in Splunk Enterprise, which was recently patched, is more severe than initially thought and can be exploited with a simple GET request.

The vulnerability, identified as CVE-2024-36991 with a CVSS score of 7.5, is a path traversal bug affecting Splunk Enterprise on Windows versions earlier than 9.2.2, 9.1.5, and 9.0.10. Patches for this flaw were released by Splunk on July 1.

Flight Delays and Cancellations Hit Global Air Travel as Microsoft Cloud Outage Spreads

American Airlines Grounds All Flights Due to Mysterious Communication Problem Amid Microsoft Cloud Outage Chaos

In a shocking move, American Airlines grounded all its flights early Friday morning due to a communication problem, according to the Federal Aviation Administration (FAA). This unexpected disruption comes on the heels of a widespread Microsoft cloud outage that caused chaos for several low-cost airlines just hours earlier.

Crowdstrike fix workaround May the force be with you. ll windows blue dump issue

*Windows 10 Outage: Crowdstrike Update Causes Global Issues*