Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts. Tracked under the names BlackWidow, IceNova, Lotus, or Unidentified 111, Latrodectus, is also considered to be a successor to IcedID owing to infrastructure overlaps between the two malware families. It has been used in campaigns associated with two initial access brokers (IABs) known as TA577 (aka Water Curupira) and TA578.
Cybersecurity workers are facing burnout, putting businesses at risk
More than two-thirds (68%) of cybersecurity professionals across Europe are facing burnout, potentially leaving businesses at risk of attack, new research has warned. A report from SoSafe report found of the 1,250 security leaders surveyed, around one-third each reported severe burnout (32%) and moderate burnout (36%), with the UK standing out for its high stress levels. However, SoSafe is warning vulnerabilities being caused by stressed and burnt out workers is fueling the cybersecurity crisis, with threat actors actively exploiting this section of the landscape to gain access to internal systems and data.
U.S. cybersecurity chief says election systems have ‘never been more secure’
Amid widespread concerns of outside interference influencing the results this year’s presidential election, the head of the country’s cybersecurity agency says election infrastructure is more secure than ever. State and local election officials across the country have made big improvements to strengthen both physical and cyber security at polling and voting locations to preserve election integrity, said Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, in an interview with Weekend Edition.
New York DFS unveils AI cybersecurity guidance to protect financial sector
Superintendent Adrienne A. Harris highlighted the dual nature of AI, noting its ability to improve threat detection and incident response strategies, while also providing new avenues for cybercriminals. These guidelines are part of the DFS’s continued efforts to shield New Yorkers and DFS-licensed entities from the evolving dangers of cybersecurity threats. Building on the foundation of the nation-leading cybersecurity regulation (23 NYCRR Part 500), the new guidance also aligns with recent initiatives to prevent discrimination by insurers using AI.
Pharma Giant Johnson & Johnson Discloses Data Breach
US pharmaceutical giant Johnson & Johnson has disclosed a data breach impacting the personal information of thousands of people. Johnson & Johnson informed the Maine Attorney General’s Office late last week that it had detected a security breach on its network in mid-August 2024. The company launched an investigation and took steps to enhance its security after discovering the intrusion. “The third-party digital forensic investigation determined that your personal information could have been compromised. Specifically, files related to our insurance practice were stored in a J&J network location that was subject to unauthorized activity,” Johnson & Johnson is telling impacted individuals.
