News
-
"Docker Hub Repositories Hide Over 1,650 Malicious Containers"More than 1,600 publicly available Docker Hub images conceal malicious behavior, such as cryptocurrency miners, embedded secrets that can be used as backdoors, Domain Name System (DNS) hijackers, and website redirectors. Docker Hub is a cloud-based…
-
"Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions"An examination of firmware images from Dell, HP, and Lenovo devices revealed the presence of outdated versions of the OpenSSL cryptographic library, highlighting a supply chain risk. The EFI Development Kit (EDK) is an open-source implementation of the…
-
"New Black Basta Ransomware Campaign Is Actively Targeting US Companies"The cybersecurity technology company Cybereason has warned that an aggressive new ransomware campaign from the Black Basta ransomware group is targeting US businesses. Black Basta first appeared in April and is thought to be an offshoot of the Conti…
-
"Hackers Are Locking Out Mars Stealer Operators From Their Own Servers"A security research and hacking startup discovered a coding flaw that enables locking out Mars Stealer malware operators from their own servers and releasing their victims. Mars Stealer is a data-stealing Malware-as-a-Service (MaaS) that allows…
-
"AWS Fixes 'Confused Deputy' Vulnerability in AppSync"Amazon Web Services (AWS) has patched a cross-tenant vulnerability in AWS AppSync that could allow malicious actors to use the cloud service to assume identity and access management roles in other AWS accounts, gaining access to and control over those…
-
"Quantum Locker Lands in the Cloud"Computerland, a Belgian company, shared information with the European threat intelligence community about the Quantum Locker gang's tactics, techniques, and procedures (TTPs) used in recent attacks. According to the information shared, the Quantum Locker…
-
"Fake Subscription Invoices Lead To Corporate Data Theft and Extortion"A threat actor known as Luna Moth has been stealing sensitive data and extorting money from small and medium-sized businesses through the use of social engineering tactics and legitimate software. The group avoids using ransomware in favor of convincing…
-
"Hackers Breach Energy Orgs via Bugs in Discontinued Web Server"Microsoft has announced that security flaws impacting a web server that has been discontinued since 2005 were used to target and compromise organizations in the energy sector. According to a report published in April by cybersecurity firm Recorded Future…
-
"This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos"A malicious extension for Chromium-based web browsers has been discovered to be distributed by ViperSoftX, a long-standing Windows information-stealer. The rogue browser add-on was dubbed VenomSoftX by a Czech-based cybersecurity firm due to the…
-
"Adversarial AI Attacks Highlight Fundamental Security Issues"Artificial Intelligence (AI) and Machine Learning (ML) systems trained on real-world data are increasingly being seen as vulnerable to attacks involving unexpected inputs to fool the systems. For example, contestants at the recent Machine Learning…
-
"Public Wants to Build Cyber Resilience"Cyberattacks impacting thousands of Australian citizens' personal data have raised awareness of the dangers of insecure digital systems. According to researchers at Flinders University, consumers want to have a more active role in building more resilient…
-
"Are We Building Cyber Vulnerability Into EV Charging Infrastructure?"Electric Vehicle (EV) charging stations are vulnerable to hacks, potentially disrupting the grid or resulting in the theft of users' personal information. The consequences could be severe in the absence of significant technological upgrades, regulations…