Security researchers have reported a significant increase in cyber activity targeting the upcoming Indian general election. This surge, driven by various hacktivist groups, has resulted in the leakage of personal identifiable information (PII) of Indian citizens on the dark web. The election, set to occur in seven phases from April 19 to June 1 2024, will
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate,” the company said in its latest Cyber Signals report. “We’ve seen
Source code of fake Pegasus spyware is being sold on the surface web, the dark web and instant messaging platforms, CloudSEK has found. Following Apple’s recent warning about “mercenary spyware” attacks, cloud security provider CloudSEK investigated the clear and dark web for spyware-related threats. The firm analyzed approximately 25,000 Telegram posts and found that many
ESET Research Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings 23 May 2024 • , 6 min. read The Nim programming language has become increasingly attractive to malware developers
May 24, 2024NewsroomMalvertising / Endpoint Security Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who
Microsoft has warned retailers and restaurants of sophisticated gift card fraud which can cost victims up to $100,000 a day. In a new Cyber Signals report, the tech giant highlighted a 30% rise in intrusion activity by the threat actor Storm-0539 between March and May 2024. The group, which operates out of Morocco, focuses on
Video As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond? 24 May 2024 UK authorities are reportedly planning to make it mandatory for ransomware victims to report incidents to the government and obtain a
May 25, 2024NewsroomMachine Learning / Data Breach Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all
Australian patients’ health and personal information has reportedly been published online by following the ransomware attack on medical prescriptions provider MediSecure. The Melbourne-based company confirmed on May 24 that a data set containing the personal information and limited health data of its customers has been posted onto a dark web forum by a cybercriminal group.
Digital Security As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response Cameron Camp 22 May 2024 • , 3 min. read We have seen AI morphing from answering simple chat questions for school homework to attempting to detect weapons in
May 24, 2024NewsroomEndpoint Security / Threat Intelligence The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. “The adversary created their own rogue VMs within the VMware
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage. These campaigns, driven by unnamed threat actors, aim to redirect users to malicious websites to steal their information using SMS messages. According to a technical write-up published
May 23, 2024NewsroomRansomware / Virtualization Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. “Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,” cybersecurity firm
Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months. This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the
Business Security The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum? Márk Szabó 21 May 2024 • , 4 min. read Human resource professionals know that the market price
Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that’s believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. “The investigation revealed a troubling trend
Security researchers have observed a new DoppelGänger campaign dubbed Operation Matriochka aimed at challenging the credibility of journalists and fact-checkers since May 2022. By leveraging X (formerly Twitter), the operation not only disseminated disinformation articles but also engaged in commenting and sharing to prompt further investigation. According to a technical write-up published by the Sekoia
May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. “On instances that use
A new report has revealed that 59% of geographically distributed businesses encounter network issues at least once a month. Kaspersky’s findings, titled “Managing geographically distributed businesses: challenges and solutions,” highlight the frequent network outages, lost connections and poor performance of services and applications that these companies face. The study also shows that 46% of these businesses
May 20, 2024NewsroomCyber Attack / Threat Intelligence An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is
Australian healthcare company MediSecure has suffered a “large scale” ransomware attack, putting individuals’ personal and health information at risk. The electronic prescriptions provider confirmed the incident in a statement on May 16, which it admitted has impacted the personal and health information of individuals. The company confirmed that the attack was caused by an attack
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign
A new banking Trojan targeting Android devices has been detected by Cyble Research and Intelligence Labs (CRIL), the research branch of threat intelligence provider Cycble. In a report published on May 16, CRIL described sophisticated malware incorporating a range of malicious features, including overlay attacks, keylogging and obfuscation capabilities. The researchers called the Trojan “Antidot”
Video This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape 17 May 2024 This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape. First,
A new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack
Multiple UK councils have warned that citizens’ personal data may have been breached following a ransomware attack on a medical equipment supplier. Nottingham Rehab Supplies (NRS) Healthcare, which supplies health and care equipment numerous local authorities across the UK, was hit by a ransomware attack at the start of April 2024. The attack resulted in
ESET Research One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft Marc-Etienne M.Léveillé 14 May 2024 • , 3 min. read Ten years ago we raised awareness of Ebury by publishing a white paper we
May 17, 2024NewsroomCryptojacking / Malware The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating
Security researchers have detected Storm-1811, a financially motivated cybercriminal group, exploiting Quick Assist, a client management tool, in social engineering attacks. According to a technical blog post published by Microsoft on Wednesday, Storm-1811, notorious for deploying Black Basta ransomware, has been observed initiating these attacks through voice phishing (vishing) since mid-April 2024, employing tactics like
ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past
- « Previous Page
- 1
- …
- 16
- 17
- 18
- 19
- 20
- …
- 118
- Next Page »