Cybercrime Group ‘Muddled Libra’ Targets BPO Sector with Advanced Social Engineering
A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage...
News
Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct...
NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems
The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified...
The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins
The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of...
New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices
Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to...
NSA shares tips on blocking BlackLotus UEFI malware attacks
The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. BlackLotus...
Microsoft Teams bug allows malware delivery from external accounts
Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the...
Microsoft 365 users report Outlook, Teams won’t start or freezes
Network and IT admins have been dealing with ongoing Microsoft 365 issues this week, reporting that some end users cannot...
US-CERT Vulnerability Summary for the Week of June 12, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
US-CERT Vulnerability Summary for the Week of June 12, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
APT37 hackers deploy new FadeStealer eavesdropping malware
The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor...
DuckDuckGo browser for Windows available for everyone as public beta
DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download...
VMware fixes vCenter Server bugs allowing code execution, auth bypass
VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication...
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy...
CISA orders govt agencies to patch bugs exploited by Russian hackers
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities...
Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a...
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices
A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel,...
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to...
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies
Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid size organizations...
Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security...
Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This...
Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that...
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set...
Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning
Why Data Exfiltration Detection is Paramount?# The world is witnessing an exponential rise in ransomware and data theft employed to...
