0 Comments
Your phone is likely a daily companion, giving you access to work emails, chats with friends, weather reports, and more — all in the palm of your hand. You can also use your phone for browsing online, looking up everything from your favorite recipes to your most-read media webpages.  While being able to browse whenever
0 Comments
Dec 15, 2022Ravie LakshmananAdvanced Persistent Threat A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and
0 Comments
Prominent threat actors have been spotted exploiting legitimately signed Microsoft drivers in active intrusions into telecommunication, business process outsourcing (BPO), managed security service providers (MSSP) and financial services companies. The findings from SentinelLabs, Sophos and Mandiant were first shared with Microsoft in October 2022. On Tuesday, the four companies released advisories detailing the attacks. Investigations into
0 Comments
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors election in July 2022, by the APT
0 Comments
Social media company Twitter has issued a public statement regarding allegations that it was hacked earlier this year. Writing in a blog post on Friday, the Elon Musk-owned platform said it learned that someone had potentially exploited a vulnerability that Twitter reportedly discovered in January and fixed in June 2022. The flaw enabled someone submitting
0 Comments
Dec 13, 2022Ravie LakshmananOpen Source / Vulnerability Database Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect “a project’s list of dependencies with the vulnerabilities
0 Comments
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m). The figures come from a letter from HSE chief information officer Fran Thompson sent to Aontú leader Peadar Tóibín last Friday. The missive, viewed by The Irish Times, comes months after the Department of Health
0 Comments
Dec 12, 2022Ravie LakshmananEndpoint Detection / Data Security High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. “This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on
0 Comments
A subgroup of the Iran-based Cobalt Mirage threat group has been observed leveraging Drokbk malware to achieve persistence on victims’ systems. The claims come from Secureworks Counter Threat Unit (CTU) researchers, who shared an advisory about Drokbk with Infosecurity before publication. According to the security team, the attacks come from Cobalt Mirage’s subgroup, Cluster B.
0 Comments
Dec 10, 2022Ravie LakshmananWeb App Firewall / Web Security A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block
0 Comments
Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cybersecurity specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages. “Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads
0 Comments
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some
0 Comments
ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that
0 Comments
Dec 10, 2022Ravie LakshmananHack-for-Hire / Threat Intelligence Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware
0 Comments
Xenomorph pilfers victims’ login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data More than 50,000 Android devices were compromised with an Android banking trojan called Xenomorph earlier this year. First reported by ThreatFabric, Xenomorph posed as a system-optimizing app called “Fast Cleaner”. Disguising malicious software as device optimizers, battery- or performance-enhancing and
0 Comments
Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for
0 Comments
Indiana’s attorney general filed two separate lawsuits against social media firm TikTok Wednesday alleging the platform promoted content to young users that isn’t age-appropriate and did not adequately protect the safety of users’ data. According to court documents, the TikTok algorithm “promotes a variety of inappropriate content to 13-17-year-old users throughout the United States.” Indiana’s