New fraud campaigns have been discovered involving the Medusa (TangleBot) banking Trojan, which had evaded detection for nearly a year. An analysis published by Cleafy researchers last week revealed that this sophisticated malware family, first identified in 2020, has resurfaced with significant changes. This malware, known for its remote access Trojan (RAT) capabilities, includes keylogging,
admin
Jun 25, 2024NewsroomVulnerability / Threat Detection Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc“) that was
Security researchers from Group-IB have unveiled the operations of a threat actor known as Boolka, whose activities involve deploying sophisticated malware and engaging in web attacks. According to an advisory published by the company on Friday, the group has been observed exploiting vulnerabilities through SQL injection attacks since 2022, targeting websites across various countries. The
Jun 24, 2024NewsroomVulnerability / Artificial Intelligence Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. “The Naptime architecture is centered around the interaction between an AI agent and a target codebase,” Google Project
Threat actors have published nearly 400GB of data stolen from pathology provider Synnovis, including sensitive NHS patient information, according to reports. The data was apparently accessed by ransomware group Qilin following the attack on critical NHS supplier Synnovis on June 3, 2024. The gang reportedly posted the information on its darknet site and Telegram channel
Jun 22, 2024NewsroomPhishing Attack / Adware A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. “The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,” cybersecurity firm eSentire said in an analysis, adding
The US government has banned cybersecurity provider Kaspersky from selling its products in the country because of the company’s alleged links to the Russian regime. On June 20, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) issued a Final Determination prohibiting Kaspersky Lab, Inc., the US subsidiary of the Russian cybersecurity
Video Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents 21 Jun 2024 A successful cyberattack can affect an organization in many ways, but the way the organization handles the incident extends far beyond the immediate aftermath. Indeed, the long-term
Jun 22, 2024NewsroomCyber Espionage / Threat Intelligence Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. “ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,” Positive Technologies researchers Vladislav Lunin
The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor, and warned chemical facilities that sensitive data may have been exfiltrated. The attackers exploited a zero-day vulnerability in an Ivanti Connect Secure appliance to infiltrate CSAT from January 23 to 26, 2024. The
Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records Phil Muncaster 20 Jun 2024 • , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient
Jun 21, 2024NewsroomMalware / Threat Intelligence A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. “SneakyChef uses lures that are scanned documents of government agencies, most of which
The notorious LockBit group has reemerged to become the most prominent ransomware actor in May 2024, according to a new analysis by NCC Group. LockBit 3.0 returned to the fold in May to launch 176 ransomware attacks, 37% of the total number for the month. This represents an enormous 665% month-on-month increase for the ransomware-as-a-service
Business Security, Critical Infrastructure Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat Phil Muncaster 19 Jun 2024 • , 5 min. read Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated
Jun 20, 2024NewsroomFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use
Individuals in China have been targeted by a QR code-based phishing (quishing) campaign which uses QR codes in fake official documents to deceive victims, according to new research by Cyble Research and Intelligence Labs (CRIL). As part of the campaign, Microsfot Word files masquerade as official documents from the Chinese Ministry of Human Resources and
Jun 19, 2024NewsroomCybercrime / Crypto Security Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it
More than nine in 10 (92%) organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023, according to a new report by Barracuda. Scamming and phishing continued to make up the vast majority (86%) of social engineering attacks last year. There were some notable trends in how attackers are
Business Security Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack Cameron Camp 17 Jun 2024 • , 3 min. read We watch real life attacks in horror, where companies simply try to defend against attackers stomping on their networks in real time,
Jun 18, 2024NewsroomPrivacy / Encryption A controversial proposal put forth by the European Union to scan users’ private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. “Mandating mass scanning of
Los Angeles County Department of Public Health (DPH) has disclosed a data breach impacting more than 200,000 individuals. The data stolen includes personal, medical and financial information. The incident, which took place between February 19 and 20, 2024, was caused by an attacker gaining the log-in credentials of 53 Public Health employees through a phishing
Jun 17, 2024NewsroomRouter Security / Vulnerability ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. “Certain ASUS router models have authentication bypass vulnerability,
Researchers at cybersecurity provider ESET detected five cyber espionage campaigns starting in 2022, targeting Android users with trojanized apps in Egypt and Palestine. In a new report, ESET provided further details on these campaigns, which it attributed with medium confidence to the Arid Viper hacking group. The ESET researchers named the multistage spyware used to
ESET Research The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 ESET Research 14 Jun 2024 • , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings
Jun 16, 2024NewsroomCybercrime / SIM Swapping Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move
Microsoft President Brad Smith had admitted security failings by the firm in enabling Chinese state hackers access the emails of US government officials in the summer of 2023. In testimony at Congress to members of the US House Committee on Homeland Security on June 13, 2024, Smith said the tech giant accepts responsibility for all
Video The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app 14 Jun 2024 This week, ESET researchers released their findings about five campaigns that used trojanized apps to target Android users in Egypt and Palestine. Initiated in 2022,
Jun 15, 2024Newsroom Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. “The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and
Three weeks before the UK general election, Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned about the deepfake threat to election integrity in a new report. The tech policy expert said that technological advances have made deepfakes easier and cheaper than ever to produce. However, he cautioned against
ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first-
- « Previous Page
- 1
- …
- 18
- 19
- 20
- 21
- 22
- …
- 123
- Next Page »