Source: go.theregister.com – Author: Team Register FAQ You may have seen some headlines about a supply-chain backdoor in millions of Gigabyte motherboards. Here’s the lowdown. What’s...
Day: June 2, 2023
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway – Source: go.theregister.com
Source: go.theregister.com – Author: Team Register Security researchers and the US government have sounded the alarm on a flaw in Progress Software’s MOVEit Transfer that criminals...
Kremlin claims Apple helped NSA spy on diplomats via iPhone backdoor – Source: go.theregister.com
Source: go.theregister.com – Author: Team Register Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on “thousands” of diplomats...
MOVEit Transfer software zero-day actively exploited in the wild – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors...
Russia’s FSB blames the US intelligence for Operation Triangulation – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Russia’s intelligence Federal Security Service (FSB) said that the recent attacks against iPhones with a zero-click iOS exploit as part...
Operation Triangulation: previously undetected malware targets iOS devices – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini A previously undocumented APT group targets iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangulation. Researchers...
California-based workforce platform Prosperix leaks drivers licenses and medical records – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Prosperix leaked nearly 250,000 files. The breach exposed job seekers’ sensitive data, including home addresses and phone numbers. Prosperix, formally...
Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious...
Most people are aware of their data trails, but few know how to deal with it: Okta study – Source: www.techrepublic.com
Source: www.techrepublic.com – Author: Karl Greenberg A new study by Okta finds that a proliferation of active accounts and web identities is exacerbating security risks both...
How to determine exactly what personal information Microsoft Edge knows about you – Source: www.techrepublic.com
Source: www.techrepublic.com – Author: Mark W. Kaelin Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared...
Checklist: Network and systems security – Source: www.techrepublic.com
Source: www.techrepublic.com – Cybersecurity demands and the stakes of failing to properly secure systems and networks are high. While every organization’s specific security needs form...
Modern Applications Require Modern Application Security – Source: www.techrepublic.com
Source: www.techrepublic.com – Application security is one of the most important components of an overall security program, yet some organizations struggle to identify and address...
New Botnet Malware ‘Horabot’ Targets Spanish-Speaking Users in Latin America – Source: thehackernews.com
Source: thehackernews.com – Author: Ravie Lakshmanan – Jun 02, 2023 – Botnet / Malware – Spanish-speaking users in Latin America have been at the receiving end of a new botnet...
The Importance of Managing Your Data Security Posture – Source: thehackernews.com
Source: thehackernews.com – Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity...
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering – Source: thehackernews.com
Source: thehackernews.com – Author: Ravie Lakshmanan – Jun 02, 2023 – Malware / Cyber Threat – The Chinese nation-state group known as Camaro Dragon has been linked to yet another...
North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks – Source: thehackernews.com
Source: thehackernews.com – Author: Ravie Lakshmanan – Jun 02, 2023 – Cyber Espionage / APT – U.S. and South Korean intelligence agencies have issued a new alert warning of North...
MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited – Source: thehackernews.com
Source: thehackernews.com – Author: Ravie Lakshmanan – Jun 02, 2023 – Zero-Day / Vulnerability – A critical flaw in Progress Software’s MOVEit Transfer managed file transfer application has...
Insurers Predict $33bn Bill for Catastrophic “Cyber Event” – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – A catastrophic “once-in-200-years” cyber event could cause $33bn in losses for the cyber-insurance sector, according to a new report from Guy...
Chinese Phishing Gang “PostalFurious” Expands Campaign – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – A recently discovered Chinese phishing gang has expanded its campaigns to the Middle East with new scams designed to harvest personal...
Kaspersky Says it is Being Targeted By Zero-Click Exploits – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – Russian AV vendor Kaspersky has claimed that iOS devices on its network are being targeted by sophisticated zero-day exploits. The firm...
Amazon Pays $30.8M to Settle Ring Spying & Alexa Privacy Lawsuits – Source: www.darkreading.com
Source: www.darkreading.com – Author: Dark Reading Staff, Dark Reading Because of the complaints made by the Federal Trade Commission (FTC), Amazon has agreed to pay a...
Jetpack WordPress Plug-in API Bug Triggers Mass Updates – Source: www.darkreading.com
Source: www.darkreading.com – Author: Dark Reading Staff, Dark Reading Jetpack, a WordPress plug-in for boosting website security and speed, has issued a critical update following a...
How Do I Reduce Security Tool Sprawl in My Environment? – Source: www.darkreading.com
Source: www.darkreading.com – Author: Yotam Segev, Co-Founder and CEO, Cyera Question: We have too many security tools. How do I consolidate and reduce tool sprawl in...
Sustained ‘Red Deer’ Phishing Attacks Impersonate Israel Post, Drop RATs – Source: www.darkreading.com
Source: www.darkreading.com – Author: Dan Raywood, Senior Editor, Dark Reading Israeli engineering and telecommunications companies have been targeted with a sustained phishing message campaign that is...
Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace – Source: www.darkreading.com
Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributor, Dark Reading A lack of event logging in the free-subscription version of Google Workspace can allow attackers to download...
Where SBOMs Stand Today – Source: www.darkreading.com
Source: www.darkreading.com – Author: Liran Tancman, CEO & Co-Founder, Rezilion What a difference two years makes. Around this time in 2021, the term “SBOM” — which...
Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection – Source: www.darkreading.com
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer, Dark Reading In a new twist on software supply chain attacks, researchers have discovered a Python package hiding...
S3 Ep137: 16th century crypto skullduggery – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus Mary Queen of Scots… of course! All that, and more,...
Horabot Campaign Targets Spanish-Speaking Users in the Americas – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – A new cyber threat campaign named “Horabot” has been discovered by cybersecurity firm Cisco Talos targeting Spanish-speaking users in the Americas. Horabot,...
Void Rabisu’s RomCom Backdoor Reveals Shifting Threat Actor Goals – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – The hacking group known as Void Rabisu has deployed a new backdoor called RomCom. According to security researchers at Trend Micro,...