Open source software has its perks, but supply chain risks can't be ignoredWhile app development is faster and easier, security is still a concern Analysis Open...
Day: February 27, 2023
Google Patches Chrome’s Fifth Zero-Day of the Year
Google Patches Chrome’s Fifth Zero-Day of the YearAn insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code...
Fake Reservation Links Prey on Weary Travelers
Fake Reservation Links Prey on Weary TravelersFake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and...
iPhone Users Urged to Update to Patch 2 Zero-Days
iPhone Users Urged to Update to Patch 2 Zero-DaysSeparate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat...
Firewall Bug Under Active Attack Triggers CISA Warning
Firewall Bug Under Active Attack Triggers CISA WarningCISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.Read MoreThreatpostCISA...
Twitter Whistleblower Complaint: The TL;DR Version
Twitter Whistleblower Complaint: The TL;DR VersionTwitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s...
Ransomware Attacks are on the Rise
Ransomware Attacks are on the RiseLockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.Read MoreThreatpostLockbit is by...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Cybercriminals Are Selling Access to Chinese Surveillance CamerasTens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.Read MoreThreatpostTens...
Watering Hole Attacks Push ScanBox Keylogger
Watering Hole Attacks Push ScanBox KeyloggerResearchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.Read...
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 FirmsOver 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.Read MoreThreatpostOver 130 companies tangled in...
Student Loan Breach Exposes 2.5M Records
Student Loan Breach Exposes 2.5M Records2.5 million people were affected, in a breach that could spell more trouble down the line.Read MoreThreatpost2.5 million people were affected,...
Top 10 Venmo scams: Don’t fall for these common tricks
Top 10 Venmo scams: Don’t fall for these common tricksHere's what to know about some of the most common ploys that scammers use on the payment...
Tech support scammers are still at it: Here’s what to look out for in 2023
Tech support scammers are still at it: Here’s what to look out for in 2023Hello, is it me you’re looking for? Fraudsters still want to help...
Ransomware payments down 40% in 2022 – Week in security with Tony Anscombe
Ransomware payments down 40% in 2022 – Week in security with Tony AnscombeRansomware revenue plunges to $456 million in 2022 as more victims refuse to pay...
Hybrid play: Leveling the playing field in online video gaming and beyond
Hybrid play: Leveling the playing field in online video gaming and beyondDoes VALORANT’s approach to cheating signal a turning point in how we deal with the...
ChromeLoader Malware Poses as Steam, Nintendo Game Mods
ChromeLoader Malware Poses as Steam, Nintendo Game ModsAsec said the malicious activity observed relied on VHD disk image filesRead MoreAsec said the malicious activity observed relied...
News Corp Reveals Two-Year-Long Breach
News Corp Reveals Two-Year-Long BreachA threat actor accessed business documents and emails between February 2020 and January 2022Read MoreA threat actor accessed business documents and emails...
Researchers Discover Nearly 200,000 New Mobile Banking Trojan Installers
Researchers Discover Nearly 200,000 New Mobile Banking Trojan InstallersKaspersky said the figures are more than double what the team observed in 2021Read MoreKaspersky said the figures...
CERT of Ukraine says Russia-linked APT backdoored multiple govt sites
CERT of Ukraine says Russia-linked APT backdoored multiple govt sitesThe CERT of Ukraine (CERT-UA) revealed that Russia-linked threat actors have compromised multiple government websites this week. The...
Clasiopa group targets materials research in Asia
Clasiopa group targets materials research in AsiaA previously unknown threat actor, tracked as Clasiopa, is using a distinct toolset in attacks aimed at materials research organizations...
Security Affairs newsletter Round 408 by Pierluigi Paganini
Security Affairs newsletter Round 408 by Pierluigi PaganiniA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are...
News Corp says hackers first breached its systems between Feb 2020 and Jan 2022
News Corp says hackers first breached its systems between Feb 2020 and Jan 2022The investigation conducted by News Corporation (News Corp) revealed that attackers remained on...
Pro-Ukraine hackers CH01 defaced tens of Russian websites on the invasion anniversary
Pro-Ukraine hackers CH01 defaced tens of Russian websites on the invasion anniversaryThe group of hacktivists CH01 defaced at least 32 Russian websites to mark a protest...
Ransomware attack on food giant Dole Food Company blocked North America production
Ransomware attack on food giant Dole Food Company blocked North America productionThe producers of fruit and vegetables Dole Food Company disclosed a ransomware attack that impacted its operations....
ChromeLoader campaign uses VHD files disguised as cracked games and pirated software
ChromeLoader campaign uses VHD files disguised as cracked games and pirated softwareThreat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers...
PureCrypter used to deliver AgentTesla to govt organizations
PureCrypter used to deliver AgentTesla to govt organizationsAn unknown threat actor is targeting government organizations with the PureCrypter downloader, Menlo Security firm reported. Menlo Labs researchers...
Dutch Police arrests 3 men involved in a massive extortion scheme. One of them is an ethical hacker
Dutch Police arrests 3 men involved in a massive extortion scheme. One of them is an ethical hackerThe Dutch police arrested three individuals as a result...
PlugX Trojan disguised as a legitimate Windows open-source tool in recent attacks
PlugX Trojan disguised as a legitimate Windows open-source tool in recent attacksResearchers detailed a new wave of attacks distributing the PlugX RAT disguised as a legitimate...
Weekly Update 325
Weekly Update 325For the first time in I don't know how long, I couldn't do this live. Turns out both cell and wifi in Lapland are,...
Weekly Update 326
Weekly Update 326Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled together a weekly vid...