US CERT

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

The Pioneer Kitten attackers are monetizing their access to compromised organizations' networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces.

ISC Releases Security Advisories for BIND 9

The Internet Systems Consortium (ISC) has released patches to fix multiple security vulnerabilities in the BIND 9 DNS software suite that could lead to denial-of-service attacks.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

The vulnerabilities are as follows: CVE-2012-4792, a decade-old vulnerability in Internet Explorer allowing remote code execution, and CVE-2024-39891, an information disclosure flaw in Twilio Authy.

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

The US Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team exercise at an unnamed federal agency in 2023, exposing serious security failings that left critical assets vulnerable.

CISA and Partner Agencies Join ASD’s ACSC to Release Advisory on APT40, a Chinese State-Sponsored Group

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US have warned about APT40, a China-linked cyber espionage group known for quickly exploiting new security bugs after public disclosure.

PTC Releases Patch for Critical Flaw in Creo Elements/Direct License Server

The vulnerability, tracked as CVE-2024-6071, affects version 20.7.0.0 and earlier, and allows unauthenticated remote attackers to execute arbitrary OS commands on the server through a web interface.

CISA Warns of High-Severity Flaw in RAD Data Communications SecFlow-2 Switches

CISA warned industrial organizations about a high-severity vulnerability in an end-of-life (EoL) industrial switch by RAD Data Communications. The agency discovered a publicly available PoC exploit targeting a path traversal vulnerability in RAD SecFlow-2.

CISA Warns of Flaw in Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

This vulnerability (CVE-2024-5659) can be exploited by sending abnormal packets to the mDNS port, leading to a major nonrecoverable fault (MNRF/Assert) and compromising the availability of the device.

CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations

The guidance document details the latest tactics employed in foreign malign influence operations to shape U.S. policies, decisions, and discourse, and that could be used to target America’s election infrastructure.

CISA Alerts Organizations Regarding Cyber Incident at Global Data Analytics Company

CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.
