admin

0 Comments
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed. “An unauthorized party gained access to portions of the LastPass development environment
0 Comments
A maker of optical lenses and related equipment has agreed to pay $16.4m to settle allegations it broke the False Claims Act by paying kickbacks to eye care providers. The Department of Justice (DoJ) alleged the firm “knowingly and willfully offered or paid” optometrists and ophthalmologists to order its products for their customers, who included
0 Comments
The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to file lists, user keystrokes,
0 Comments
Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage. The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital’s business software, storage systems including
0 Comments
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. “This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace],” Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu detailed in a report published
0 Comments
More and more social platforms are coming up with safer ways for younger kids to access their apps. The most recent announcement comes from Facebook who is reportedly creating a version of Instagram for kids 13 and under. It’s a family safety win to see so many companies (YouTube, TikTok, and Facebook have parental control channels) making changes. That’s because
0 Comments
The percentage of media companies susceptible to compromise is double the figure across all other sectors, according to a new study from BlueVoyant. The security vendor used its tools to perform a cybersecurity posture analysis on 485 organizations from the media industry to compile its Media Industry Cybersecurity Challenges report. It found that 30% of
0 Comments
Security researchers have discovered a new threat campaign designed to trick users into downloading malware capable of hijacking their machine. Discovered by Sucuri, the attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up. These have become increasingly popular over recent years as website owners struggle
0 Comments
Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. “The zero-days found specifically pose a security risk for workers in industrial environments,” cybersecurity firm Nozomi Networks disclosed in a technical write-up last week. “If a threat actor exploits these
0 Comments
Trojanized crypto-currency miners, also known as cryptojackers, continue to spread across computers around the world, while also becoming stealthier and increasingly avoiding detection. The data comes from Microsoft’s 365 Defender Research Team, who published a new analysis of cryptojackers on Thursday on its blog. “In the past several months, Microsoft Defender Antivirus detected cryptojackers on
0 Comments
Zero-day vulnerabilities are super active and Google and Apple are acting to patch these vulnerabilities, some of which seen on-the-wild. Google and Apple are both release patches for zero-day vulnerabilities that have already been exploited in the wild. ESET cybersecurity expert Tony Anscombe explains what those vulnerabilities are in simpler words, and reiterate the importance
0 Comments
Many people opt for encrypted messaging services because they like the additional layers of privacy they offer. They allow users to message their closest friends, family, and business partners without worrying about a stranger digitally eavesdropping on their conversation. The same people who message over encrypted services and apps are likely also diligent with securing
0 Comments
The Chinese advanced persistent threat (APT) actor known as APT41 (or Barium, Bronze Atlas, Double Dragon and Wicked Panda) has targeted at least 13 organizations across the US, Taiwan, India, Vietnam and China as part of four different campaigns in 2021. The news comes from Group-IB Security researchers, who published an advisory detailing APT41 activities from
0 Comments
The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold Osipov
0 Comments
The Estonian government has revealed that the country was on the receiving end of the “most extensive” DDoS attacks in 15 years this week after angering Moscow. The former Soviet state reportedly removed a Red Army monument from Tallin square this week, while a Soviet-era tank was removed in the eastern city of Narva. The government has
0 Comments
We’ve all heard about the Metaverse. And there’s no doubt it has certainly captured the attention of the world’s biggest companies: Facebook has changed its name to Meta, Hyundai has partnered up with Roblox to offer virtual test drives, Nike has bought a virtual shoe company and Coca-Cola is selling NFT’s there too. (Non-Fungible Tokens
0 Comments
Summary DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks® Counter Threat Unit™ (CTU) researchers identified DarkTortilla samples