0 Comments
A new sophisticated malicious campaign is using an undetected Cerberus Android banking Trojan payload, according to cybersecurity provider Cyble. In a new report published on October 14, Cyble Research and Intelligence Labs (CRIL) identified 15 malicious samples posing as Chrome and Play Store apps from mid-September through the end of October. These samples use a multi-stage
0 Comments
Japanese game developer Game Freak, the firm behind the Pokémon franchise, has suffered a security breach exposing the data of 2606 employees and partners. The leak first appeared on forum 4chan in early October and is now circulating on social media and online forums under the name ‘TeraLeak’, following the naming trend of the 2020
0 Comments
Oct 14, 2024Ravie LakshmananNetwork Security / Vulnerability A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate
0 Comments
Video ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities 11 Oct 2024 This week, ESET researchers published the results of their probe into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic
0 Comments
Oct 13, 2024Ravie Lakshmanan The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for
0 Comments
Oct 12, 2024Ravie LakshmananCryptocurrency / Cybercrime The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau
0 Comments
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are and the most common
0 Comments
The world’s most famous digital library has suffered a series of cyber-attacks that rendered its site, including its Wayback Machine, temporarily unavailable and exposed the data of 31 million users. On October 8, 2024, Internet Archive founder, Brewster Kahle, confirmed on X that archive.org was hit by a distributed denial-of-service (DDoS) attack before announcing a
0 Comments
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of
0 Comments
The Australian government has introduced the country’s first standalone cybersecurity law to Parliament. The new legislation aims to better protect citizens and organizations against a heightened geopolitical and cyber threat environment. The Cyber Security Bill 2024 covers a range of areas, including mandating minimum cybersecurity standards for IoT devices and mandatory ransomware reporting for critical
0 Comments
Oct 09, 2024The Hacker NewsSaaS Security / Identity Security Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many
0 Comments
Oct 08, 2024Ravie LakshmananCyber Threat / APT Attack Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. “The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,” Kaspersky said,
0 Comments
Oct 07, 2024The Hacker NewsPassword Security / Data Security The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant
0 Comments
Oct 04, 2024Ravie LakshmananPhishing Attack / Cybercrime Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly
0 Comments
Sellafield Ltd has been fined £332,500 ($437,440) for cybersecurity failings running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20
0 Comments
Digital Security Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices Tony Anscombe 01 Oct 2024  •  , 3 min. read As we enter October, governments, non-profit organizations, cybersecurity vendors and many companies with corporate social responsibility teams are all likely gearing up to push out some
0 Comments
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities – before they