Read more coverage on the CrowdStrike IT outage: CrowdStrike has published a preliminary Post Incident Review (PIR) into the global IT outage on July 19, which was caused by a bug in a content update for its Falcon platform. The cybersecurity vendor revealed the incident was caused by a Rapid Response Content update containing an
Digital Security Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances Tony Anscombe 23 Jul 2024 • , 3 min. read As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products
Prolific Chinese espionage group Daggerfly (aka Evasive Panda, Bronze Highland) has extensively updated its malware toolkit, increasing its abilities to target most major operating systems (OS), according to an analysis by Symantec. The latest developments suggest the group is using a shared framework to enable it to effectively target Windows, Linux, macOS and Android OS.
ESET Research ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos Lukas Stefanko 22 Jul 2024 • , 6 min. read ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June
Jul 23, 2024NewsroomCyber Espionage / Chinese Hackers Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group “also engages in internal espionage,” Symantec’s Threat Hunter Team, part
The Play ransomware group has introduced a Linux variant of its malware that specifically targets VMWare ESXi environments, according to recent findings from Trend Micro. First detected in June 2022, the Play ransomware has gained notoriety for its sophisticated double-extortion tactics, custom-built tools and significant impact on organizations, especially in Latin America. Expansion to ESXi
Digital Security If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike Tony Anscombe 19 Jul 2024 • , 2 min. read Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code,
The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced “technology suite” that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox
Researchers have uncovered a new form of malware called HotPage.exe. Initially detected at the end of 2023, this malware masquerades as an installer that ostensibly improves web browsing by blocking ads and malicious websites. However, it actually injects code into remote processes and intercepts browser traffic. As described in an advisory published by ESET earlier
Video A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as
Jul 20, 2024NewsroomCybercrime / Data Breach Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made “in connection with a global cyber online crime group which has been targeting large organizations with ransomware and
A suspected technical issue at cybersecurity vendor CrowdStrike is causing mass IT outages across the world, disrupting critical sectors such as airlines, banks, media and retailing. The issue appears to concern an update to CrowdStrike’s security platform Falcon Sensor, which is impacting Microsoft Windows operating systems. Reports suggest the affected systems are struggling to boot
Digital Security The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them. 19 Jul 2024 • , 3 min. read In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system.
Jul 20, 2024NewsroomMalware / IT Outage Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a
A US judge has dismissed most of the US Securities and Exchange Commission (SEC) accusations against IT management software company SolarWinds and its CISO, Timothy Brown, over a major 2020 cyberattack. In a 107-page decision made public on July 18, US District Judge Paul Engelmayer in Manhattan said SEC statements claiming that SolarWinds and Brown
Malware research involves studying threat actor TTPs, mapping infrastructure, analyzing novel techniques… And while most of these investigations build on existing research, sometimes they start from a hunch, something that looks too simple. At the end of 2023, we stumbled upon an installer named HotPage.exe that deploys a driver capable of injecting code into remote
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company’s CEO George Kurtz said in a statement. “Mac and
Security researchers have identified several vulnerabilities in SAP AI Core, a platform that enables users to develop, train and run AI services. These vulnerabilities, found by Wiz and discussed in an advisory published on Wednesday, highlight significant risks associated with tenant isolation in AI infrastructure. In particular, the investigation into SAP AI Core revealed that
Jul 18, 2024NewsroomMalware / Windows Security Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous
Security researchers have unveiled more information about the Qilin ransomware group, which recently targeted the healthcare sector with a $50 million ransom demand. The attack on Synnovis, a pathology services provider, significantlyimpacted several key NHS hospitals in London earlier this month. Since its identification in July 2022, Qilin has gained notoriety for offering Ransomware-as-a-Service (RaaS)
While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual
Jul 17, 2024NewsroomCyber Espionage / Cryptocurrency Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People’s Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named “MiroTalk.dmg”
Security experts have uncovered a critical remote code execution (RCE) vulnerability, identified as CVE-2024-38112, within the MHTML protocol handler. This vulnerability, dubbed ZDI-CAN-24433, was reported from CVE-2024-38112 to Microsoft upon discovery (and later patched by the tech giant), with evidence suggesting it was actively exploited by the advanced persistent threat (APT) group Void Banshee. Known
Scams Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. Márk Szabó 15 Jul 2024 • , 7 min. read What might be one of the easiest ways to scam
Jul 16, 2024NewsroomMobile Security / Online Security Details have emerged about a “massive ad fraud operation” that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software
The Sysdig Threat Research Team (TRT) has revealed significant developments in the activities of the SSH-Snake threat actor. The group, now referred to as CRYSTALRAY, has notably expanded its operations, increasing its victim count tenfold to more than 1500. According to a new advisory published by Sysdig last week, CRYSTALRAY has been observed using a
Jul 15, 2024NewsroomSupply Chain Attack / Cyber Threat Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was
A leading US car parts provider has revealed that a high-profile data breach earlier in 2024 will impact over two million job applicants and current and former employees. Advance Auto Parts is said to operate nearly 5000 stores and employ around 70,000 people across North America. A breach notification letter filed with the Office of
Video The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective? 12 Jul 2024 Back in May, we weighed in on the UK’s apparent plan to make it illegal for critical infrastructure entities
- « Previous Page
- 1
- …
- 11
- 12
- 13
- 14
- 15
- …
- 118
- Next Page »