News
-
"PlugX Trojan Disguised as a Legitimate Windows Open-Source Tool in Recent Attacks"Researchers at Trend Micro discovered a new wave of attacks crafted to distribute the PlugX Remote Access Trojan (RAT) disguised as the open-source Windows debugger x32dbg. The legitimate tool enables the examination of kernel-mode and user-mode code,…
-
"Threat Actors Getting Smarter as China-Linked Attacks Rise"According to CrowdStrike's annual Global Threat Report, adversaries have become more sophisticated and destructive in their cyberattacks. Malware activity has declined, indicating that threat actors are experimenting with alternative means of attack.…
-
"US Marshals Service Hit With Ransomware Attack"The United States Marshals Service (USMS) was recently hit with a ransomware attack. The incident occurred on February 17. According to a USMS spokesperson, shortly after the discovery, the USMS disconnected the affected system, and the…
-
"How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever"The Russia-Ukraine conflict has impacted cyberspace on all levels, from nation-state Advanced Persistent Threats (APT) groups to low-level carders on Dark Web forums. A new report from Recorded Future details the numerous cyberspace repercussions of that…
-
"LastPass Breach: Hacker Accessed Corporate Vault by Compromising Senior Developer's Home PC"LastPass has disclosed additional details on the security incident relating to the compromise of its development environment in August 2022 and subsequent unauthorized access to the company's third-party cloud storage provider that held backups. The…
-
"New Exfiltrator-22 Post-exploitation Kit Linked to LockBit Ransomware"Exfiltrator-22 is a new post-exploitation framework being promoted by threat actors to spread ransomware across corporate networks while evading detection. According to threat analysts at CYFIRMA, this new framework was developed by former LockBit 3.0…
-
"CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability"Based on evidence of active exploitation, the US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw impacting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, tracked as CVE-…
-
"Mobile Banking Trojans Surge, Doubling in Volume"According to researchers at Kaspersky, mobile malware developers were busy in 2022, flooding the cybercrime landscape with twice the number of banking trojans than the year before. The researchers stated that nearly 200,000 new mobile banking…
-
"QNAP Offering $20,000 Rewards via New Bug Bounty Program"Taiwan-based QNAP Systems has recently announced that it is offering rewards of up to $20,000 for vulnerabilities reported through its newly launched bug bounty program. QNAP, which is known for its network-attached storage (NAS) and professional…
-
"TREBUCHET: A High-Powered Processor for Cutting-Edge Encryption"Fully Homomorphic Encryption (FHE) enables algorithms to do direct computations on encrypted data. Usually, sensitive data is encrypted, and it must be decrypted before it can be used for any form of analysis or computing. The analysis or computation is…
-
"Media Giant News Corp Discloses New Details of Data Breach"Media giant News Corp has recently disclosed new details about a data breach discovered last year and attributed to a state-sponsored threat actor. In early 2022, News Corp revealed that hackers had managed to steal corporate data from its systems…
-
"Governments Targeted by Discord-Based Threat Campaign"According to security researchers at Menlo Security, an unknown threat actor is targeting APAC and North American governments with info-stealing malware and ransomware. The researchers noted that the group’s attacks begin with a phishing email…