admin

0 Comments
A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022. The majority of the victim
0 Comments
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators’ connections to the Russia-based Evil Corp group. The findings suggest that “Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks,” IBM Security X-Force researcher Kevin Henson
0 Comments
A leading industry standards community has published its first guidelines for the testing of IoT security products, in a bid to drive independent benchmarking and certification efforts. The Anti-Malware Testing Standards Organization (AMTSO) said its Guidelines for Testing of IoT Security Products document was produced with input from testers and vendors. AMTSO board member, Vlad
0 Comments
Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. “Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services,” Symantec’s Threat Hunter team, a part of Broadcom Software, said in a report shared with The
0 Comments
A US cybersecurity non-profit has launched a new program designed to encourage more diverse candidates into the profession, while tackling persistent skills shortages. The National Cybersecurity Alliance (NCA) announced its Historically Black Colleges and Universities (HBCU) Career Program yesterday. It has been launched in partnership with top HBCUs and cybersecurity vendors including Prairie View A&M, Southern
0 Comments
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs. “The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,” McAfee researchers Oliver Devane
0 Comments
Google today announced a new program designed to reward researchers that find bugs in its open source projects. The Open Source Software Vulnerability Rewards Program (OSS VRP) will incentivize ethical hackers to make open source code more secure in major projects that Google maintains such as Golang, Bazel, Angular, Fuchsia and Protocol buffers. The OSS
0 Comments
Akasa Air, India’s newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug
0 Comments
Our phones store a lot of personal data, including contacts, social media account details, and bank account logins. We use our smartphones for everything under the sun, from work-related communication to online shopping.  However, like computer viruses, our phones can be vulnerable to malware. Viruses are a type of malware that replicate themselves and spread
0 Comments
Security researchers have revealed a new phishing campaign targeting Okta identity credentials and connected two-factor authentication (2FA) codes.  The analysis comes from the Group-IB, who said it was particularly interesting because despite using low-skill methods, the campaign was able to compromise a large number of well-known companies. In fact, attackers sent employees of the targeted companies text
0 Comments
In this career-journey series, Internal Audit Manager Chris shares his recent journey joining the McAfee finance team and why he is always learning something new in his role. A typical day I’m an Internal Audit Manager. Essentially, I work with my McAfee colleagues to understand the processes we follow and run tests to confirm everything
0 Comments
Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news comes from a new advisory from Microsoft’s security researchers, who said on Thursday they could assess with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry
0 Comments
by Paul Ducklin Recent updates to Apple Safari and Google Chrome made big headlines because they fixed mysterious zero-day exploits that were already being used in the wild. But this week also saw the latest four-weekly Firefox update, which dropped as usual on Tuesday, four weeks after the last scheduled full-version-number-increment release. We haven’t written
0 Comments
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability’s long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence
0 Comments
One of the world’s biggest cosmetics retailers has agreed to pay $1.2 million in penalties and take corrective action after falling foul of the California Consumer Privacy Act (CCPA). Announced by the state’s attorney general, Rob Bonta, this week, the settlement by Sephora is part of the administration’s efforts to enforce a law that came