Another WhatsApp modification, known as YoWhatsApp, has turned out to be malicious: it downloads the Triada Trojan to smartphones, which shows ads, secretly subscribes the user to paid content, and steals WhatsApp accounts. How did this happen and what lessons can we learn? Dont feed crocodiles with your hand, or show more ...
Callback phishing operations are evolving. Recently, scammers used old fake subscriptions lure for the first phase of the attack but switch to helping victims deal with an imaginary infection or hack. In one variation, the attackers send PayPal-themed phishing emails, asking users to check for compromise of their account.
Bitdefender has identified a cryptojacking campaign that uses a Microsoft OneDrive DLL Sideloading flaw to gain persistence and run undetected on infected devices. H1 2022 witnessed a 30% surge in cryptojacking instances at 66.7 million. Nevertheless, cryptojacking volumes dropped 96%, 87%, and 78% for the education, healthcare, and government sectors, respectively.
As part of its scheduled Patch Tuesday release cycle, Adobe warned the vulnerabilities could expose both Windows and macOS users to arbitrary code execution, arbitrary file system write, security feature bypass, and privilege escalation attacks.
ForgeRock announced that it has entered into a definitive agreement to be acquired by Thoma Bravo, a software investment firm, for $23.25 per share, in an all-cash transaction valued at approximately $2.3 billion.
FortiGuard Labs has encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel. The attack starts with an Excel file loaded with malicious macro code (XLSM).
VMware has provided a detailed report on how hacker using Emotet malware is shifting their tactics and command-and-control (C2) infrastructure to escape detection. Since its resurgence, Hackers have come up with several changes in its C2 infrastructure. The malware has launched two new botnet clusters dubbed Epochs 4 and 5, which are leveraged heavily during cyberattacks.
South-Korean cybersecurity firm AhnLab reported that LockBit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers of a customer of AhnLab were infected with LockBit 3.0 ransomware.
The White House National Security Council will announce plans Tuesday for a consumer products cybersecurity labeling program intended to improve digital safeguards on internet-connected devices, a senior White House official told CyberScoop.
VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021.
The vulnerability that has been exploited is a Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain system privileges.
Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot rule out malicious exploitation in the future.
Microsoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy.
Brute Ratel is a commercial (paid) Adversary Emulation framework and a relative newcomer to the commercial C&C Framework space, where it competes with more established players such as Cobalt Strike.
The lures used in the phishing emails are for pandemic financial support programs like the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan.”
Patient portals, electronic prescriptions and some other IT systems are still unavailable at an undisclosed number of locations in the CommonSpirit Health network, the largest Catholic health system and the second-largest nonprofit US hospital chain.
German enterprise software maker SAP has released 15 new security notes on its October 2022 Security Patch Day, including two ‘hot news’ notes dealing with critical vulnerabilities. The company also updated two previously released security notes.
Researcher took the wraps off an APT group named Earth Aughisky that has been targeting Taiwanese through its malware toolsets for over a decade and recently started claiming victims in Japan. The security firm linked the activities of Earth Aughisky to another APT known as Pitty Tiger (aka APT24) due to the use of the same dropper in different attacks that happened between April and August 2014.
IronVest announced it has closed a $23 million seed funding round led by Accomplice, with participation from Trust Ventures, Ulysses, Joule Ventures, OurCrowd, and a number of strategic angel investors.
KnowBe4 has entered into a definitive agreement to be acquired by Vista Equity Partners in an all-cash transaction valued at approximately $4.6 billion on an equity value basis.
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals.
Ten Eleven Ventures led the latest round, while existing investors Goldman Sachs Asset Management, Summit Partners, Insight Partners, Menlo Ventures, and Citi Ventures all participated in the round.
Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics library that serves as Chrome’s graphics engine.
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000.
County election workers in Arizona and Pennsylvania were inundated with a “surge” in malicious emails ahead of those states’ August primaries, researchers said Wednesday, highlighting the ongoing threat facing election officials before midterms.
A new phishing-as-a-service, dubbed Caffeine, was found offering an open registration and customer service support for newbies to help the launch their own campaign. It's a bit pricy but what makes Caffeine subscription 3–5 times costlier than its contemporaries is that it offers anti-detection and anti-analysis systems and customer support services.
The relatively new PseudoManuscrypt botnet made some changes to its C2 infrastructure that enabled the threat actors infect nearly 500,000 systems across 40 countries in the past eight months. Previously, Kaspersky had reported a similar technique being used by different malware families such as Socelars, SmokeLoader, and RedLine.
Today, we take a look at the new DDoS trends formed this year as the geopolitical situation in Eastern Europe continue to shape the nature and intensity of DDoS attacks. The first half of the year has witnessed multiple attacks on financial and government institutions. Last month, the LockBit ransomware group claimed to have been working on enhancing its DDoS capabilities.
Ubuntu Security Notice 5671-1 - It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a show more ...
Ubuntu Security Notice 5670-1 - Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2022-6890-01 - Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000. Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time. Explore the impact of
A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first
At UKCyberWeek at the Business Design Centre in London, on 3 & 4 November 2022, I'll be offering practical insight on how computer systems are being targeted, shine some light on mysterious and elusive global crime rings that have made billions of dollars, and describe the lessons that today's organisations should learn about how to protect themselves from attack. Grab your free ticket.
Ukraine has seen internet outages this week following renewed missile attacks from Russian forces. With a combination of power cuts and DDoS attacks knocking out telecommunications systems, internet availibility suffered a 35% dip. Read more in my article on the Hot for Security blog.
iOS 16.0.3 has been pushed out by Apple, and my advice is that you should install it.
