News
-
"China-Based Fangxiao Group Behind a Long-Running Phishing Campaign"According to Cyjax researchers, a financially motivated group based in China called Fangxiao has been orchestrating a large-scale phishing campaign since 2017. The sophisticated phishing campaign takes advantage of international brand reputations and…
-
"Microsoft: Royal Ransomware Group Using Google Ads in Campaign"According to a new report from Microsoft's Security Threat Intelligence team, the Royal Ransomware group used Google Ads in one of their attack campaigns. The ransomware, which first appeared in September and claimed a number of victims, including one of…
-
"Hive Ransomware Has Made $100m to Date"According to a new joint advisory released by the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), the Hive ransomware variant has made its operators and affiliates around $100…
-
"Instagram Impersonators Target Thousands, Slipping by Microsoft's Cybersecurity"Cybercriminals used a sophisticated phishing campaign impersonating Instagram to target students at national educational institutions in the US. They used a valid domain to steal credentials, bypassing both Microsoft 365 and Exchange email protections.…
-
"PCI SSC Publishes New Standard for Mobile Payment Acceptance Solutions"The PCI Security Standards Council (PCI SSC) has released a new standard to help in the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS (MPoC) expands on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI…
-
"Elastic Report: Nearly 33% Of Cyberattacks in the Cloud Leverage Credential Access"According to the 2022 Elastic Global Threat Report, almost 33 percent of cloud attacks use credential access, suggesting that users often overestimate the security of their cloud environments and, as a result, fail to configure and protect them…
-
"Phishing Kit Impersonates Well-Known Brands to Target US Shoppers"Since mid-September, a sophisticated phishing kit has been targeting North Americans with lures themed around holidays such as Labor Day and Halloween. The kit employs a variety of evasion detection techniques as well as several mechanisms to keep non-…
-
"LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities"LodaRAT malware has resurfaced with new variants being used in tandem with other sophisticated malware, such as RedLine Stealer and Neshta. According to Cisco Talos researcher Chris Neal, the ease of access to LodaRAT's source code makes it an appealing…
-
"Study Uncovers New Threat to Security and Privacy of Bluetooth Devices"Bluetooth-enabled mobile devices have been found to be vulnerable to a flaw that could allow attackers to track a user's location. The study centers on Bluetooth Low Energy (BLE), a type of Bluetooth that uses less energy than Bluetooth Classic, an…
-
"QBot Phishing Abuses Windows Control Panel EXE to Infect Devices"Phishing emails distributing the QBot malware are infecting computers by exploiting a Dynamic-Link Library (DLL) hijacking flaw in the Windows 10 Control Panel, most likely to avoid detection by security software. DLL hijacking is a common attack…
-
"As SaaS App Usage Soars, Consolidation and Security Concerns Drive Change"BetterCloud, a cloud service management company, discovered that organizations are increasingly using Software-as-a-Service (SaaS) apps, but the industry is changing due to consolidation and app security concerns. The company's 10th annual State of…
-
"Meta Reportedly Disciplined or Fired More Than Two Dozen Workers For Taking Over Facebook User Accounts"Meta Platforms reportedly recently fired or disciplined more than two dozen employees and contractors who allegedly compromised and took control of Facebook user accounts. Bribery was involved in some cases. Users who were locked out of their…