News
-
"International Counter Ransomware Task Force Kicks Off"An international task force aimed at combating ransomware, which was unveiled at a White House event in November 2022, has officially begun operations, according to the Australian government. The mission of the International Counter Ransomware Task Force…
-
"Roaming Mantis Uses New DNS Changer in Its Wroba Mobile Malware"Researchers spotted Roaming Mantis threat actors using an updated version of their mobile malware called Wroba to attack Wi-Fi routers and take control of Domain Name System (DNS) settings. In March 2018, Roaming Mantis emerged, hacking routers in Japan…
-
"Two Vulnerabilities Found in Galaxy App Store"Security researchers at NCC Group have discovered two new vulnerabilities in the Galaxy App Store application allowing local attackers to install arbitrary applications or execute JavaScript by launching a specific web page. The first flaw…
-
"Mississippi Creates New Cyber Unit, Names 1st Director"A new unit to handle cybersecurity in Mississippi is in place and has its first director. The Mississippi Department of Public Safety recently said the Mississippi Cyber Unit, a component of the Mississippi Office of Homeland Security, will be the…
-
"Hacker Finds Copy of TSA No-Fly List on Exposed Cloud Storage"In another instance of misconfigured cloud storage, a Swiss hacker discovered a copy of the US Transportation Security Administration's (TSA) "no-fly list" exposed on the Internet. The exposed database was discovered on a server operated by the regional…
-
"ENISA Gives Out Toolbox for Creating Security Awareness Programs"Awareness Raising in a Box (AR-in-a-BOX) is a "do-it-yourself" toolkit made available by the European Union Agency for Cybersecurity (ENISA) to help organizations in developing and implementing a tailored security awareness-raising program. The package…
-
"Compromised Zendesk Employee Credentials Lead to Breach"The Zendesk Software-as-a-Service (SaaS) company for Customer Relationship Management (CRM) sent an email to some customers on January 13, revealing that it was breached in October 2022, exposing client account data to a threat actor. The email from…
-
"Microsoft Plans to Kill Malware Delivery via Excel XLL Add-Ins"Microsoft plans on introducing XLL add-in protection for Microsoft 365 customers, which will include the automatic blocking of such Internet-downloaded files. This will help combat the increase of malware attacks exploiting this infection vector.…
-
"Threat Actors Turn to Sliver as Open-Source Alternative to Popular C2 Frameworks"BishopFox's Sliver is a legitimate command-and-control (C2) framework that is growing in popularity among threat actors as an open-source alternative to Cobalt Strike and Metasploit. It is a Golang-based, cross-platform post-exploitation framework…
-
"Majority of GAO's Cybersecurity Recommendations Not Implemented by Federal Agencies"A new report by the US Government Accountability Office (GAO) revealed that out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December 2022. The GAO…
-
"Riot Games Halts Work After Cyberattack"A leading California-based gaming developer has recently admitted that a severe cyberattack on its systems has halted all updates. Tencent-owned Riot Games produces popular titles like League of Legends and Valorant. The company stated that…
-
"Cosmic Rays Generate and Distribute Random Numbers to Boost Security for Local Devices and Networks"Emerging technologies such as quantum computers are likely to compromise current information security methods. One of the reasons why they are insecure is that both the encrypted messages and the decryption keys must be sent from the sender to the…