Month: September 2022

0 Comments
Threat actors have been found deploying never-before-seen post-compromise implants in VMware’s virtualization software to seize control of infected systems and evade detection. Google’s Mandiant threat intelligence division referred to it as a “novel malware ecosystem” that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access to the hypervisor
0 Comments
A new multifunctional malware written in the Go programming language has been spotted in the wild, targeting both Windows and Linux systems. The discovery has been made by Black Lotus Labs, the threat intelligence team at Lumen Technologies, who published an advisory about the new threat on Wednesday. The team reportedly discovered and analyzed roughly
0 Comments
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers. As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials According to
0 Comments
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.  Globally, plenty of people pull double duty
0 Comments
by Paul Ducklin Last week’s cyberintrusion at Australian telco Optus, which has about 10 million customers, has drawn the ire of the country’s government over how the breached company should deal with stolen ID details. Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of optusdata offering
0 Comments
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through
0 Comments
Security researchers at SentinelOne have uncovered a variant of the Operation In(ter)ception campaign using lures for job vacancies at cryptocurrency exchange platform Crypto.com to infect macOS users with malware. According to an advisory published on Monday, the new attacks would represent a further instance of a campaign spotted by ESET and Malwarebytes in August and
0 Comments
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that “moderators of the purported hacktivist Telegram channels ‘XakNet Team,’ ‘Infoccentr,’ and ‘CyberArmyofRussia_Reborn’ are coordinating their operations
0 Comments
Here’s to the hashtags, the likes, the followers, the DMs, and the LOLs—June 30th marks Social Media Day, a time to celebrate and reflect on how social media has changed our lives over the years.  Started in 2010 by media and entertainment company Mashable, celebrations have taken on all kinds of forms. Meetups, contests, calls to increase your social circle
0 Comments
The cyber mercenary group, Void Balaur, continues expanding its hack–for–hire campaigns despite disruptions to its online advertising personas. The new information comes from cybersecurity experts at SentinelLabs, who recently published an advisory detailing Void Balaur’s latest campaigns. Written by senior threat researcher Tom Hegel, the document discusses the findings that SentinelLabs first unveiled at its
0 Comments
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the
0 Comments
The Department of Air Force (DAF) Enterprise IT as a Service’s (EITaaS) Base Infrastructure Modernization (BIM) procurement said it will evolve its digital modernization strategy to an “as a Service” model that will integrate network, end–user services and computing platforms. According to an announcement by technology company Lumen, which will collaborate with the DAF on the
0 Comments
A major financial services company has learned the hard way about the importance of proper disposal of customers’ personal data The U.S. Securities and Exchange Commission (SEC) has announced that Morgan Stanley has agreed to pay a penalty of $35 million for exposing the personal information of 15 million customers. According to SEC, the financial