Singapore and the U.S. signed several Memorandums of Understanding (MOUs) to expand their cybersecurity cooperation in areas such as defense, banking, and research and development, according to ZDNet. These activities include increased information sharing, team building, training and skills development. Three MOUs were signed on Monday during U.S. Vice President Kamala Harris's three-day visit to Asia. One was an agreement between Singapore and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) aimed at expanding the cybersecurity partnership beyond data sharing and exchange. Both government agencies will explore new areas of cooperation, such as important technological research and development. The first MOU will allow both partners to strengthen existing partnerships between the countries so that they are able to work clo...
Researchers identified 4 new ransomware gangs that are targeting businesses and key infrastructure, according to The Hacker News. Ransomware attacks have not only increased in frequency and intensity, but have gone beyond financial gain, posing a threat to the national security of firms, hospitals, schools, and governments worldwide. Palo Alto Networks' Unit 42 threat intelligence team notes: "While the ransomware crisis appears poised to get worse before it gets better, the cast of cybercrime groups that cause the most damage is constantly changing". While we have not heard much about them lately compared to previous years, Unit 42 says this is just the calm before the storm. Let's explore the latest ransomware kits on the market and the groups behind them. AvosLocker: AvosLocker is a ransomware group that began operating in late June and exploits press announce...
A customized version of the WhatsApp Messaging App for Android has been found to display full-screen advertising, register device users for unwanted premium subscriptions without their agreement and deliver dangerous payloads, says The Hacker News. Generally speaking, modifications of legitimate Android apps are launched to perform functions that were not originally intended. For instance, with FMWhatsApp you can customize icons, disable video calls, add themes or hide features like Recently Seen. Then again, not all mods are launched with good intentions, and this is another case of why you should be wary of too-good-to-be-true free services. The FMWhatsApp version discovered by
The hacker known as Mr. White found a way to resolve one of the biggest cryptocurrency thefts of all time, according to CNBC. Earlier this week, Poly Network, a decentralized financial network, announced that about $600 million in bitcoin had been stolen from its vaults due to a coding error. The sum was immediately converted to other cryptocurrencies, namely a total of $273 million in Ethereum tokens, $253 million in Binance Smart Chain tokens, and $85 million in USDC. Surprisingly, the thief known as Mr. White Hat began recovering assets almost immediately after the discovery and distributed t...
We recently discovered that a version of popular WhatsApp mod FMWhatsApp includes an embedded Trojan. The Trojan, called Triada, downloads other malware to users’ devices. Here’s how it happened and why using modified versions of WhatsApp is dangerous.

Why use WhatsApp mods?

Not all users are happy with the official WhatsApp app. Some may feel a need for self-destructing messages or, conversely, the ability to view messages another user deleted. Others are after dynamic themes, and still others want to hide certain chats from the general list or automatically translate messages. Naturally, they want these features right away, not when WhatsApp’s developers finally get around to implementing them. As a result, some users turn to the modified WhatsApp clients available online, which are fairly numerous and not hard to find. Fans of mods are not deterred even by WhatsApp’s occasional crackdown on such modifications or the threat of account bans. The creators of WhatsApp mods often embed ads in them — understandably — along with the features users are looking for. Problems arise, however, from their use of third-party ad modules through which malicious code can sneak in under developers’ radar.

Triada et al. in the FMWhatsApp mod

That’s precisely what happened with FMWhatsApp, a popular WhatsApp mod. In version 16.80.0 the developers use a third-party ad module that includes a Trojan. Our mobile antivirus solution detects this malware as Trojan.AndroidOS.Triada.ef. We saw a similar situation in the spring of 2021 with the APKPure unofficial app store, whose developers also used an ad module from an unverified source, thereby infecting their creation, and consequently users, with the Triada Trojan (albeit a slightly different version). As in the case of the infected APKPure, the Triada Trojan in the dangerous version of the FMWhatsApp mod performs an intermediary function. First, it collects data about the user’s device, and then, depending on the information, it downloads another Trojan.

Triada’s “extras” come in a variety of flavors — the infected version of FMWhatsApp downloads several types of malware to devices:

- Trojan-Downloader.AndroidOS.Agent.ic, a Trojan that downloads and runs other malicious modules;
- Trojan-Downloader.AndroidOS.Gapac.e, which downloads and runs other malicious modules and can also display full-screen ads at unexpected moments;
- Trojan-Downloader.AndroidOS.Helper.a, which downloads and runs the installer module of the xHelper Trojan and runs invisible ads in the background;
- Trojan.AndroidOS.MobOk.i, a Trojan that signs up for paid subscriptions;
- Trojan.AndroidOS.Subscriber.l, another Trojan that signs up for paid subscriptions;
- Trojan.AndroidOS.Whatreg.b, the most complex Trojan in the list, which signs in to the WhatsApp account on the victim’s phone, intercepting the login confirmation text. The device can then become a site for various types of illegal activity such as spam distribution or illegal trading.

Our Securelist post delves more into the FMWhatsApp mod’s Triada Trojan.

How to defend against such attacks

Practicing caution and using your device safely is key to keeping malware and other mobile nasties off your phone. Generally speaking, follow these tips to avoid trouble:

- Avoid installing apps from unofficial sources and use your device’s settings to deny permission to install them. (If you need to install an app not from an official store, temporarily enable that permission and then disable it again.)
- Use only official messaging apps, and download them only from official app stores — they may lack some features, but will not flood your phone with viruses.
- Check what permissions you’ve granted to installed apps — some might pose a real threat.
- Install a reliable mobile antivirus app on your phone, and heed its warnings.
Less than a year after raising its $6 million seed funding round, Tel Aviv and Sunnyvale-based startup build.security is being acquired by Elastic. The financial terms of the deal were not disclosed.
The vulnerability allowed the threat actor to distribute a malicious document through a remote Cloudflare worker but make it look like it was being downloaded directly from UPS.com.
The Nokia subsidiary discovered that its network had been breached by Conti ransomware operators on June 16, only after the attackers had deployed their payloads and encrypted SAC Wireless systems.
Iranian APT Lyceum has been disguising itself as HR managers and employees of well-known firms to compromise the networks of IT and communication firms in Israel since 2018. The threat actor carried out several waves of attacks using a range of tools, malware, and malicious documents. Security professionals are urged to keep a strict watch on the development of the Lyceum group.
Apple Inc CEO Tim Cook and Microsoft Corp Chief Executive Satya Nadella will also attend the White House cybersecurity event, Bloomberg News reported on Monday, citing sources.
Security firm SAM Seamless Network discovered that a Mirai botnet began searching for devices unpatched against the flaw on August 18, only two days after IoT Inspector shared details of the bug.
Specifically, some of the remaining funds were held in a wallet that could only be unlocked with the hacker's help; the private key needed to access those funds was given up to Poly some hours ago.
Researchers at Mnemonics Labs have found a vulnerability (CVE-2021-34749) in the handling of the Server Name Indication (SNI) extension of the TLS Client Hello in a product used to perform TLS inspection.
New ransomware group LockFile has been discovered using the PetitPotam NTLM relay attack method to take over a Windows domain completely. The adoption of the recently discovered PetitPotam attack into their campaign indicates that hackers are actively working to enhance the malware. Furthermore, researchers noted that the ransom note by the group appears similar to that of the LockBit ransomware group.
Kubescape is an open-source tool that helps organizations test if Kubernetes is deployed securely, as defined in the recently released Kubernetes Hardening Guidance by NSA and CISA.
Cybercriminals are increasingly deploying CAPTCHA-protected malicious URLs to bypass security walls, adding counterfeit login pages for lottery and survey sites. Targeted victims are baited into revealing their information, such as addresses, dates of birth, banking information, and annual income. Such phishing pages can be detected by associating them with CAPTCHA identifiers, which can be used as IOCs to detect such attacks.
Silent video footage capturing the dire conditions of life inside Tehran's Evin Prison was shared with the media on Sunday by hacktivist group Tapandegan (Palpitations).
In terms of the new guidelines for payment gateways and payment aggregators, online merchants will not be able to store credit card data, forcing customers to enter their 16-digit numbers manually.
This cyberespionage campaign uses previously unidentified shellcode loaders, which we have named StealthVector and StealthMutant, and a backdoor, which we have dubbed ScrambleCross.
A security researcher discovered that it was quite easy to trigger a vulnerability in the WebAdmin interface of SG UTM; an attacker could exploit the flaw by sending an HTTP request to vulnerable devices.
Data breaches like ransomware can be catastrophic for some businesses. Not only do affected organizations lose revenue from the downtime, but the post-breach costs can also be significant.
The FBI has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate.
Australia's data protection regulator says organizations hit by ransomware may be underreporting data breaches because they haven't thoroughly figured out if data was taken.
The malware campaign’s modus operandi involves social engineering techniques such as luring the victim into downloading a document file weaponized with a malicious macro.
The funding comes from a variety of pro-Linux and open-source organizations, including Google, Microsoft, OpenSSF, the LF Public Health foundation, and the Linux Foundation itself.
Chief among the new entrants is AvosLocker, a RaaS group that commenced operations in late June via "press releases" that are branded with a blue beetle logo to recruit new affiliates.
According to a report published by PhishLabs, 54% of attacks in the cryptocurrency industry came from threat actors impersonating brands, employees, and executives on social media.
The hackers changed their obfuscation and encryption techniques every 37 days. This implies that the gang is highly motivated and possesses sophisticated detection evasion mechanisms.
Researchers found that an attacker with access to a health care facility's network could take control of B. Braun SpaceStation by exploiting a common connectivity vulnerability.
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.
Upstream's Series C funding was led by Mitsui Sumitomo Insurance and was joined by new investors I.D.I. Insurance, 57 Stars’ NextGen Mobility Fund, and La Maison Partners.
Threat actors can evade detection using filename matching by renaming the binary executable, as the side-loading technique will remain viable regardless of the name of the executable.
According to an advisory by Zoom on August 13, the most severe of the flaws leveraged in this exploit chain, tracked as CVE-2021-34407, was patched in the Zoom Client for Meetings version 5.6.3.
The first six months of 2021 saw a significant increase in the volume and sophistication of attacks targeting individuals, organizations, and increasingly critical infrastructure.
Once the app is launched, the malware gathers unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) and the name of the app package where they’re deployed.
Hunters, which has offices in Newton, Mass. and Tel Aviv, Israel, was founded in 2018 and has raised a total of $50.4 million to date. Its latest round was led by Bessemer Venture Partners (BVP).
The company doesn’t think the hacker intended to release patients’ medical information, but rather to use it as a way to launch more sophisticated phishing email attacks on other Revere employees.
According to Trend Micro's latest telemetry, researchers detected multiple LockBit 2.0 attack attempts in Chile, Italy, Taiwan, and the U.K.
Recent studies on the FluBot banking malware confirmed that there has been a spike in the number of malicious distribution pages affecting a number of Australian, Polish, and German banks.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Ubuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants,
A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK),"
A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq
Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse