Security

Cybersecurity experts at Cisco Talos have exposed the latest operations of the espionage-driven Arid Viper advanced persistent threat (APT) group. The new campaign, active since April 2022, has been targeting Arabic-speaking Android users. According to an advisory published earlier today, the modus operandi of Arid Viper involves the deployment of customized mobile malware in the

A new malicious campaign by the notorious Lazarus Group has been observed leveraging malware distributed through legitimate software. Kaspersky’s Research and Analysis Team (GReAT) unveiled the cyber campaign at the Security Analyst Summit (SAS). The team’s investigation identified a series of cyber incidents where targets were infected through legitimate software designed to encrypt web communications

Microsoft has described the Octo Tempest (aka Scattered Spider, 0ktapus, UNC3944) group as “one of the most dangerous financial criminal groups” operating today. In a lengthy analysis, the tech giant explained that the financial extortion group is unusual in comprising English-speaking threat actors, even though it has collaborated with the Russian-speaking ALPHV/BlackCat ransomware operation. “Historically,

The UK’s National Cyber Security Centre (NCSC) has announced the launch of a new offering designed to prevent school users visiting malicious websites. PDNS for Schools is completely free and will be rolled out from now into the coming year, according to NCSC deputy director for economy and society, Sarah Lyons. “This timeframe will allow

Generative AI is too beneficial to abandon despite the threats it poses to organizations, according to experts speaking at the ISC2 Security Congress 2023. During a session at the event, Kyle Hinterburg, Manager at LBMC and Brian Willis, Senior Manager at LBMC pointed out that while criminals will utilize generative AI tools and they carry

In an update to previous reports, Kaspersky’s Global Research and Analysis Team (GReAT) has disclosed new insights into the notorious Operation Triangulation at the recent Security Analyst Summit.  The investigation delves into the complex cyber assault that targeted both the public and Kaspersky’s own employees, offering fresh details on the attack chain and its implications

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server.  The new campaign, described in an advisory published today, targeted Roundcube Webmail servers of governmental entities and a think tank in Europe. ESET Research promptly reported the vulnerability to the

Salt Security has revealed research unveiling critical API security vulnerabilities in the OAuth protocol implementations of popular online platforms like Grammarly, Vidio and Bukalapak.  These vulnerabilities, which have now been addressed, had the potential to compromise user credentials and enable full account takeovers, endangering billions of users. The research paper, published today, marks the final chapter

A recent research report by Uptycs has highlighted the evolution of QuasarRAT, an open-source remote administration tool (RAT) known for its lightweight nature and range of malicious functions.  According to an advisory published on Friday by Uptycs security researcher Tejaswini Sandapolla, the C#-based tool, also referred to as CinaRAT or Yggdrasil, has been discovered employing

Valve is bolstering the security of its Steamworks platform by introducing SMS verification for developers, aiming to prevent future incidents of hackers infiltrating developer accounts.  The move comes in response to previous breaches where malevolent actors compromised developers’ accounts and injected malware into various game builds. While these attacks, as confirmed by PC Gamer, impacted fewer

Vietnam-based cybercriminals are believed to be behind to attacks using DarkGate malware, which have targeted organizations in the UK, US and India since 2018. WithSecure researchers have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts. The DarkGate and Ducktail

The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity (ENISA). The 11th edition of ENISA’s Threat Landscape report, published on October 19, 2023, compiles cyber threats observed by the Agency

The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk.  The study, published today and conducted in 38 organizations across nine industries and 125 countries, revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to

Google has bolstered the security of Android devices with a significant update to Google Play Protect. According to the tech giant, this development is in response to the growing prevalence of cyber-threats targeting mobile devices. Google Play Protect is an existing security feature that scans approximately 125 billion apps daily for malware and unwanted software. 

Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed “TetrisPhantom.” The persistent operation has specifically targeted government institutions in the Asia-Pacific region (APAC), utilizing a unique method involving secure USB drives for data infiltration. Kaspersky’s findings are part of their latest quarterly APT threat landscape report. The clandestine campaign, which

Unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability.  Writing on Infosec Exchange last Thursday, Sophos X-Ops’ incident responders described an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group. The attack reportedly utilized a stolen LockBit 3.0 builder to create ransomware payloads. Despite Progress

A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet. The vulnerability, discussed by Patchstack security researcher Rafie Muhammad in an advisory published today,

Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links. The campaign was active between July and August 2023 and involved various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries. The financial, manufacturing and energy sectors are

The UK’s financial regulator has fined Equifax Ltd. over £11m ($13.4m) for failing to protect UK consumer data stolen in the notorious 2017 data breach. The Financial Conduct Authority (FCA) announced the financial penalty on October 13, 2023. The FCA stated that Equifax’s UK business failed to take appropriate action to protect the personal data

CISO salary growth has slowed with 20% receiving no raise at all in 2023, according to a new study by IANS Research and Artico Search. The research found an average total compensation increase of 11% over the past 12 months. This represents a reduction of 14% from the previous year. The average base salary increase

In a recent security alert, the team behind the popular open-source tool curl has announced the release of fixes for two vulnerabilities: CVE-2023-38545 and CVE-2023-38546.  Today’s release marks a crucial step in addressing these security concerns. Curl, a command-line tool for data transfer supporting various network protocols, plays a vital role in countless applications, with

FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign.  Discovered in September and described in an advisory published on Monday, the new campaign has reportedly rapidly updated its arsenal of exploits, incorporating 13 distinct payloads, targeting various vulnerabilities across different Internet of Things (IoT)

Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv.  The breach exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv

Two leading US government security agencies have shared the top 10 most common cybersecurity misconfigurations, in a bid to improve baseline security among public and private sector organizations. The report from the NSA and Cybersecurity and Infrastructure Security Agency (CISA) was compiled from their red and blue team assessments, as well agency hunt and incident

Despite the takedown of the Qakbot threat gang’s infrastructure by the FBI in late August, some of the group’s affiliates are still deploying ransomware through phishing campaigns, according to Cisco Talos. Talos threat researchers found new evidence that a threat actor linked to the Qakbot malware loader (also known as QBot or Pinkslipbot) has been

Amazon Web Services (AWS) said it will require multi-factor authentication (MFA) for all privileged accounts starting mid-2024, in a bid to improve default security and reduce the risk of account hijacking. From that time, any customers signing into the AWS Management Console with the root user of an AWS Organizations management account will be required

Chinese threat actors are positioning themselves to deploy major cyber-attacks against US critical national infrastructure (CNI) in the event of an escalation of hostilities between the two nations. Microsoft’s latest Digital Defense Report (MDDR) observed a rise in Chinese state-affiliated actors, such as Circle Typhoon and Volt Typhoon, targeting sectors like transportation, utilities, medical infrastructure

Human Security has exposed a significant monetization method employed by a sophisticated cyber-criminal operation. This operation involved the sale of backdoored off-brand mobile and CTV (Connected TV) Android devices through major retailers, which had originated from repackaging factories in China. The scheme, known as BADBOX, deploys the Triada malware as a “backdoor” on various devices

The Madagascar government likely used the Cytrox-developed Predator spyware to conduct political domestic surveillance ahead of the country’s presidential election, according to research by Sekoia. French threat intelligence firm Sekoia’s latest technical analysis of Cytrox’s infrastructure was prompted by recent revelations that Predator had been installed on the iPhone of the former Egyptian MP Ahmed

Thousands of organizations around the world are using industrial control systems (ICS) exposed to the public internet, new analysis from Bitsight has found. The firm discovered nearly 100,000 directly exposed ICS across its inventory of global organizations, including Fortune 1000 businesses. This internet exposure makes it easier for threat actors to infiltrate and control physical