New ‘PowerDrop’ PowerShell malware targets U.S. aerospace industry
A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense...
News
Over 60,000 Android apps secretly installed adware for past six months
Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for...
US-CERT Vulnerability Summary for the Week of May 29, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of...
Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices
Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to...
5 Reasons Why IT Security Tools Don’t Work For OT
Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergencecontinue to accelerate....
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability – Update Now!
Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is...
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that's targeting users in the U.A.E....
Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals
Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive...
Zyxel Firewalls Under Attack! Urgent Patching Required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its...
The Genesis Market Takedown – Keep Users Credentials Secure
For years, "dark" markets have contained stolen credentials for sale. One of the larger and more notorious markets was the...
Microsoft links Clop ransomware gang to MOVEit data-theft attacks
Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to...
New tool scans iPhones for ‘Triangulation’ malware infection
Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a...
Clop ransomware claims responsibility for MOVEit extortion attacks
The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was...
SpinOk Android malware found in more apps with 30 million installs
The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30...
KeePass v2.54 fixes bug that leaked cleartext master password
KeePass has released version 2.54, fixing the CVE-2023-32784 vulnerability that allows the extraction of the cleartext master password from the...
GIGABYTE releases new firmware to fix recently disclosed security flaws
Gigabyte B660M GAMING X DDR4 Source: GIGABYTE.com GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards...
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to...
The Annual Report: 2024 Plans and Priorities for SaaS Security
Over 55% of security executives report that they have experienced a SaaS security incident in the past two years —...
US-CERT Vulnerability Summary for the Week of May 22, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of...
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and...
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that...
Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts
An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico,...
CISA orders govt agencies to patch MOVEit bug used for data theft
CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its...
