SECURITYWEEK’S latest cybersecurity roundup highlights significant threats and developments in the industry. Key stories include:
1. **AI Chatbot Exploitation:** Attackers use AI chatbot recommendations and SEO tricks to distribute fake utilities, gaining unauthorized access to systems for cryptojacking.
2. **Grandoreiro Trojan Campaign:** A malware campaign targeting financial institutions in Europe and Latin America, utilizing DLL side-loading techniques.
3. **Storm-2697 Ransomware:** A self-propagating encryption malware that spreads across networks while remaining concealed.
4. **Merkle Tree Certificates:** Let’s Encrypt's adoption of this technology to secure web authentication while reducing bandwidth.
5. **Tank Gauge Vulnerabilities:** U.S. agencies warn about internet-exposed Automatic Tank Gauge systems being exploited by threat actors.
6. **CISA Director Nomination:** Palantir CTO being considered for the role as CISA faces budget constraints.
7. **Data Breach at Ultrahuman:** A malware infection led to the leak of customer data but did not compromise passwords.
8. **Hola Browser Compromise:** A crypto-miner was found bundled in a version of Hola Browser due to a supply chain issue.
9. **AI Threat Landscape:** A study reveals the increasing use of AI in cyberattacks, indicating a rise in risk levels.
10. **Comodo Firewall Vulnerability:** A critical vulnerability allowing remote exploitation by sending malformed packets.