Here are this week’s highlights in cybersecurity:

  • Albanian government systems shut down following massive cyberattack. More
  • A software supply chain attack technique allows threat actors to trick developers into using potentially malicious code by forging GitHub commit metadata. More
  • An FBI alert warns of cybercriminals who create fake cryptocurrency-themed apps to defraud investors. The scheme is believed to have netted 244 victims, with losses estimated at $42.7 million. More
  • In its most recently detected malware campaign, APT29 (aka CozyBear) leveraged Google Drive cloud storage services for the first time. Unit42 researchers highlight that the use of trusted services, combined with encryption, makes it extremely difficult for organizations to detect malicious activity. More
  • A declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urges Chinese authorities to take action against malicious cyber activities undertaken by Chinese APT groups. More
  • Luna is the newest malware family that relies on cross-platform programming languages, joining BlackCat and Hive. Luna is built in Rust and can encrypt Linux, Windows and ESXi systems. More
  • Microsoft re-enables default blocking of Office macros present in downloaded documents after updating documentation. More
  • Atlassian fixes a critical vulnerability in Confluence caused by hardcoded credentials. When the Questions for Confluence app is installed, the setup adds the credentials to the Confluence instance, so a remote attacker can use those credentials to view and edit Confluence pages. More
  • EvilNum is a sophisticated backdoor used in targeted attacks against European cryptocurrency & forex entities. More
  • Windows 11 now blocks password brute-force attacks by default, including attacks targeting RDP. More
