Month: July 2024

0 Comments
Security researchers have uncovered a sophisticated phishing campaign targeting Microsoft OneDrive users. The campaign employs advanced social engineering tactics to trick users into executing a PowerShell script, compromising their systems.  The attack, discovered by the Trellix Advanced Research Center, begins with an email containing an HTML file urging users to resolve a DNS issue to
0 Comments
Security researchers have shed light on a new iteration of Mandrake, a sophisticated Android cyber-espionage malware tool. Initially analyzed by Bitdefender in May 2020, Mandrake had operated undetected for at least four years.  In April 2024, Kaspersky researchers discovered suspicious samples that were confirmed to be a new version of Mandrake. This latest variant was
0 Comments
Jul 29, 2024Ravie LakshmananEnterprise Security / Data Protection Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The
0 Comments
Organizations are concerned about security threats stemming from developers using AI, according to a new Checkmarx report. The cloud-native application security provider found that 15% of organizations explicitly prohibit the use of AI tools for code generation, however 99% say that AI code-generating tools are being used regardless. Meanwhile, just 29% of organizations have established
0 Comments
Jul 27, 2024NewsroomCybersecurity / Cloud Security Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users’ Google Cloud credentials from a narrow pool of victims. The package, named “lr-utils-lib,” attracted a total of 59 downloads before it was taken down.
0 Comments
Video Attackers abusing the “EvilVideo” vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files 26 Jul 2024 This week, ESET researchers documented their discovery of a zero-day exploit that appeared for sale on underground forums and targets the Telegram app for Android. The
0 Comments
Jul 27, 2024NewsroomMalware / Cyber Intelligence French judicial authorities, in collaboration with Europol, have launched a so-called “disinfection operation” to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor’s Office, Parquet de Paris, said the initiative was launched on July 18 and that it’s expected to continue for “several months.” It further
0 Comments
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform” capable of targeting users of more
0 Comments
Ransomware and business email compromise (BEC) attacks accounted for 60% of all incidents in the second quarter of 2024, according to a Cisco Talos report. Technology was the most targeted sector in this period, making up 24% of incidents – a 30% rise on the previous quarter. The researchers said that attackers may view technology
0 Comments
Jul 25, 2024NewsroomMalware / Cyber Espionage A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps
0 Comments
Digital Security Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances Tony Anscombe 23 Jul 2024  •  , 3 min. read As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a
0 Comments
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products
0 Comments
Prolific Chinese espionage group Daggerfly (aka Evasive Panda, Bronze Highland) has extensively updated its malware toolkit, increasing its abilities to target most major operating systems (OS), according to an analysis by Symantec. The latest developments suggest the group is using a shared framework to enable it to effectively target Windows, Linux, macOS and Android OS.
0 Comments
Jul 23, 2024NewsroomCyber Espionage / Chinese Hackers Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group “also engages in internal espionage,” Symantec’s Threat Hunter Team, part
0 Comments
The Play ransomware group has introduced a Linux variant of its malware that specifically targets VMWare ESXi environments, according to recent findings from Trend Micro.  First detected in June 2022, the Play ransomware has gained notoriety for its sophisticated double-extortion tactics, custom-built tools and significant impact on organizations, especially in Latin America. Expansion to ESXi
0 Comments
The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced “technology suite” that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox
0 Comments
Video A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as
0 Comments
A suspected technical issue at cybersecurity vendor CrowdStrike is causing mass IT outages across the world, disrupting critical sectors such as airlines, banks, media and retailing. The issue appears to concern an update to CrowdStrike’s security platform Falcon Sensor, which is impacting Microsoft Windows operating systems. Reports suggest the affected systems are struggling to boot