admin

0 Comments
Security experts have repeated warnings about malicious applications hiding on official mobile app stores after finding dozens of them on Google Play. Bitdefender said it identified 35 in total by using behavioral analysis technology to scan the marketplace. They totaled over two million downloads. The apps perform various malicious activities to achieve persistence on the user’s
0 Comments
Removable media represents the second greatest threat to operational technology (OT) systems so far this year, according to new data from IBM X-Force. The vendor analyzed its incident response and managed security services (MSS) data in light of the ongoing threat from Russia and a fast-expanding digital attack surface for many OT asset owners and
0 Comments
Microsoft claims to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns against mainly NATO countries. In an update on August 15, the tech giant said it had disabled accounts used by the “Seaborgium” group for reconnaissance, phishing, and email collection, and updated detections against its phishing domains in Microsoft
0 Comments
by Paul Ducklin At the well-known DEF CON security shindig in Las Vegas, Nevada, last week, Mac cybersecurity researcher Patrick Wardle revealed a “get-root” elevation of privilege (EoP) bug in Zoom for Mac: Mahalo to everybody who came to my @defcon talk “You’re M̶u̶t̶e̶d̶ Rooted” 🙏🏽 Was stoked to talk about (& live-demo 😅) a
0 Comments
The digital skills gap, especially in cybersecurity, is not a new phenomenon. This problematic is now exacerbate by the prevalence of burnout, which was presented at Black Hat USA 2022 Discussion of the resourcing issues within the cybersecurity sector is not a new phenomenon; according to a recent article in Fortune Education, the number of
0 Comments
Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what’s suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated by
0 Comments
Only a fifth of North American organizations have cyber-insurance coverage over $600,000, leaving a potentially significant shortfall in funds if they are compromised by ransomware, according to BlackBerry. The security software developer teamed up with Corvus Insurance to produce its BlackBerry Cyber Insurance Coverage study, compiled from interviews with 450 IT decision makers in the
0 Comments
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is “suspected of involvement in concealing criminal financial flows and facilitating money laundering” through the service, the Dutch Fiscal Information
0 Comments
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. “These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load
0 Comments
A key NHS IT partner that was hit by a ransomware attack last week has said it could take three to four weeks before all systems are back to normal. Advanced runs several key systems for the health service, including clinical patient management software (Adastra) and financial management software (eFinancials). One of its most important
0 Comments
A deep-dive in Zero-trust, to help you navigate in a zero-trust world and further secure your organization. Last week, at ChannelCon in Chicago, I participated on a panel titled ‘Building trust in a Zero Trust world’ with several other industry experts. The core concept of Zero Trust is ‘trust nothing, verify everything’ and for many
0 Comments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers – CVE-2022-27925 (CVSS score: 7.2)
0 Comments
The threat actor known as DeathStalker has continued to target and disrupt foreign and cryptocurrency exchanges around the world throughout 2022 using the VileRAT malware, according to security researchers from Kaspersky. The findings are detailed in an advisory published on August 10 2022, which mentions a number of VileRAT-focussed campaigns  supposedly perpetrated by DeathStalker, starting