Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of show more ...
With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it.
APIs enable cloud transformation but bring security risks, demanding robust, adaptive strategies to safeguard data and operations.
As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses.
Telcos across the Middle East are rapidly rolling out 5G networks. Will this accelerated adoption lead to higher security vulnerabilities?
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
Woman is accused of assisting Russian oligarchs and ransomware affiliates with schemes to evade sanctions.
Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise "GootBot" attack, each implant with its own C2.
Cybercriminals are abusing legitimate functions within cloud services, and providers can't totally stop them, especially when it comes to innovative approaches like this.
Researchers identified Russian-linked Turla APT deploying an updated version of the Kazuar backdoor, suggesting a revival of the malware after years of inactivity with improved code structure and enhanced functionality. The new version of the Kazuar backdoor supports over 40 distinct commands. The upgraded show more ...
The ongoing tensions between Armenia and Azerbaijan, particularly around the disputed Nagorno-Karabakh region, have created a backdrop for the use of Pegasus spyware, targeting various individuals including politicians, activists, and journalists.
States have been demanding increased federal funding to support election infrastructure security, establish federal cybersecurity and audit standards for voting equipment, and replace outdated technologies.
Discord has been a breeding ground for cybercriminals, with thousands of malware operations exploiting its CDN URLs to distribute and install malicious payloads on compromised systems.
The Secure Future Initiative includes implementing secure default settings out of the box and using automation, AI, and memory-safe languages to develop software that is secure by design and default.
The European Data Protection Board has directed the Irish Data Protection Commissioner to restrict Meta platforms from using customer's personal data for ad personalization, citing a violation of GDPR.
The botnet uses a domain generation algorithm (DGA) to connect with its command and control server and can be instructed to establish backconnect server connections, allowing infected devices to be used as proxy servers.
Researchers at Positive Security demonstrated that by integrating a keylogger with a Bluetooth transmitter into a USB keyboard, passwords and other sensitive data typed on the keyboard can be relayed through the Find My network via Bluetooth.
The Mobile Application Security Assessment (MASA) allows developers to have their apps independently validated against a global security standard, such as the Mobile Application Security Verification Standard (MASVS).
The data, which is being sold on Breach Forums for $50,000 in cryptocurrency, includes bank statements, personal information of 730,000 individuals, and sensitive details such as Russian Social Security Numbers and bank routing information.
In 2023 alone, there has been a 60% year-on-year increase in large breaches impacting over 88 million individuals, with hacking accounting for 77% of these breaches, according to the HHS.
The website of BrickLink, a popular LEGO marketplace, is currently down due to a reported hacking incident. Hackers are allegedly demanding payments in cryptocurrency in exchange for not deleting store inventories and other items on BrickLink.
Cloud-native development practices are creating dangerous new security blind spots for organizations in the US, UK, France, and Germany, according to a new study from Venafi.
Dropper malware allows cybercriminals to install payloads on compromised devices. SecuriDropper disguises itself as harmless apps and uses a different Android API to install the payload, mimicking the process used by app marketplaces.
The FBI has attributed recent cryptocurrency hacks to North Korean-sponsored threat actors, highlighting the need for increased cybersecurity cooperation among liberal democracies in the Pacific.
An Iranian APT group known as Agrius has been targeting higher education and technology organizations in Israel with destructive attacks and wipers, including MultiLayer, PartialWasher, and BFG Agonizer, since January 2023.
According to a report by Sophos, the rate of data encryption following a ransomware attack in the healthcare sector has reached its highest level in the last three years.
The first vulnerability, tracked as CVE-2023-23368, allows remote attackers to execute commands via a network. The second vulnerability, identified as CVE-2023-23369, can also be exploited by remote attackers.
Google has warned about a new threat called Google Calendar RAT (GCR) that uses the Calendar service as command-and-control infrastructure. It creates a covert channel by exploiting event descriptions in Google Calendar, making detection difficult.
SideCopy is employing phishing tactics and using compromised domains with reused IP addresses to distribute malicious files and deploy malware, including a Linux variant of the Ares RAT, indicating a multi-platform approach in their attacks.
Election officials in Hinds County, Mississippi, had to rush to complete poll worker training after a breach in early September compromised county computers. This caused a delay in processing voter registration forms.
Post-quantum cryptography (PQC) algorithms should be implemented to replace vulnerable traditional public key cryptography (PKC) algorithms to mitigate the threat of quantum computers.
Understanding API security risks isn't just a good idea — it's a business imperative. A single API breach can lead to financial losses and reputational damage.
The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group. Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial markets and
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius,
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023. "The script creates a 'Covert Channel' by exploiting the event
An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim to stealthily establish a persistent foothold on compromised systems. "The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys in attempts to pass off the malware as a legitimately
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. "If exploited, the vulnerability could allow remote attackers to execute commands via a network," the
Cybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses new security restrictions imposed by Google and delivers the malware. Dropper malware on Android is designed to function as a conduit to install a payload on a compromised device, making it a lucrative business model for threat actors, who can advertise the capabilities
Organizations that intend to tap into the potential of LLMs must also be able to manage the risks that could otherwise erode the technology’s business value
