The Week in Ransomware – April 14th 2023 – A Focus on Stolen Data
It has been mostly a quiet week regarding ransomware, with only a few bits of info released on older attacks...
News
Russia accuses NATO of launching 5,000 cyberattacks since 2022
The Federal Security Service of the Russian Federation (FSB) has accused the United States and other NATO countries of launching...
Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it...
US-CERT Vulnerability Summary for the Week of April 3, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries...
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen
Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum...
Severe Android and Novi Survey Vulnerabilities Under Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based...
Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice
In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place...
Legion: New hacktool steals credentials from misconfigured sites
A new Python-based credential harvester and SMTP hijacking tool named ‘Legion’ is being sold on Telegram that targets online email...
Dutch Police mails RaidForums members to warn they’re being watched
Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities...
Five arrested after 33,000 victims lose $98M to online investment fraud
Europol and Eurojust announced today the arrest of five individuals believed to be part of a massive online investment fraud ring...
Microsoft: Phishing attack targets accountants as Tax Day approaches
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access...
WhatsApp boosts defense against account takeover via malware
WhatsApp announced today the introduction of several new security features, one of them dubbed "Device Verification" and designed to provide...
Russian hackers linked to widespread attacks targeting NATO and EU
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's...
US-CERT Vulnerability Summary for the Week of April 3, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures...
RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware
Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as...
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a...
Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its...
New Python-Based “Legion” Hacking Tool Emerges on Telegram
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for...
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the...
Why Shadow APIs are More Dangerous than You Think
Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial...
ChatGPT Security: OpenAI’s Bug Bounty Program Offers Up to $20,000 Prizes
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to...
Kyocera Android app with 1M installs can be abused to drop malware
A Kyocera Android printing app is vulnerable to improper intent handling, allowing other malicious applications to abuse the flaw to download...
