News
-
"DEV-1101 Updates Open Source Phishing Kit"The threat actor known as DEV-1101 has been spotted by security researchers at Microsoft, developing and advertising a new adversary-in-the-middle (AiTM) open source phishing kit. The researchers noted that the threat actor group began offering…
-
"This is What Happens When Your Phone is Spying on You"According to a team of computer scientists from New York and San Diego, smartphone spyware apps that allow people to spy on each other are difficult to notice and detect, and easily leak the sensitive personal information they collect. Spyware apps are…
-
"NSA Releases Recommendations for Maturing Identity, Credential, and Access Management in Zero Trust"The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity throughout the User Pillar" to help system operators in maturing their Identity, Credential, and Access Management (ICAM)…
-
"Phishing Campaigns Use SVB Collapse to Harvest Crypto"Security researchers at Proofpoint have uncovered several new phishing campaigns using the collapse of Silicon Valley Bank (SVB) as a lure to steal cryptocurrency. The researchers stated that they spotted lures related to USD Coin (USDC), a digital…
-
"Key Aerospace Player Leaks Sensitive Data"According to research conducted by Cybernews, the top aviation company Safran Group left itself vulnerable to cyberattacks for over a year, thus highlighting the vulnerability of major aviation companies to being targeted by threat actors. The Cybernews…
-
"First Known Dero Cryptojacking Operation Seen Targeting Kubernetes"The first known cryptojacking operation mining the Dero cryptocurrency has been observed targeting vulnerable Kubernetes container orchestrator infrastructure with exposed Application Programming Interfaces (APIs). Dero is a privacy coin advertised as a…
-
"Data Loss Prevention Company Hacked by Tick Cyberespionage Group"ESET researchers have discovered that a Data Loss Prevention (DLP) company in East Asia has been compromised. During the intrusion, the attackers launched at least three malware families, compromising both the company's internal update servers and third-…
-
"Microsoft Zero-Day Bugs Allow Security Feature Bypass"Two zero-day vulnerabilities need to be patched immediately, one in Microsoft Outlook's authentication mechanism and another discovered to be a Mark-of-the-Web (MOTW) bypass. Automox researchers advised enterprises to patch these vulnerabilities within…
-
"GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks"GoBruteforcer, a new Golang-based malware, has been discovered targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres in an attempt to recruit them into a botnet. During the attack, GoBruteforcer used a Classless Inter-Domain Routing (CIDR)…
-
"Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor"The LockBit ransomware group recently claimed to have stolen valuable SpaceX files after breaching the systems of piece part production company Maximum Industries. The Texas-based Maximum Industries specializes in waterjet, laser cutting, and CNC…
-
"MI5 Launches New Agency to Tackle State-Backed Attacks"A new security agency began its job of protecting the UK from state-sponsored and terrorist threats recently. The National Protective Security Authority (NPSA) was created as part of a major new review of government defense spending known as the…
-
"CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks"The US Cybersecurity and Infrastructure Security Agency (CISA) has recently launched a pilot program to warn critical infrastructure organizations if their systems contain vulnerabilities that may be exploited in ransomware attacks. The new…