Hackers exploit 5-year-old unpatched flaw in TBK DVR devices
Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR (digital video recording) devices. DVRs are...
News
Level Finance crypto exchange hacked after two security audits
Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them...
FBI seizes 9 crypto exchanges used to launder ransomware payments
The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including...
US-CERT Vulnerability Summary for the Week of April 24, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to...
Why Telecoms Struggle with SaaS Security
The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive...
Why Telecoms Struggle with SaaS Security
The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive...
BouldSpy Android Spyware: Iranian Government’s Alleged Tool for Spying on Minority Groups
A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging...
North Korea’s ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
The North Korean threat actor known as ScarCruft began experimenting with oversized LNK files as a delivery route for RokRAT...
LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads
In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been...
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based...
T-Mobile discloses second data breach since the start of 2023
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds...
Hackers leak images to taunt Western Digital’s cyberattack response
The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating...
New LOBSHOT malware gives hackers hidden VNC access to Windows devices
A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks
An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed...
APT28 Targets Ukrainian Government Entities with Fake “Windows Update” Emails
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various...
Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000...
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement
Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators....
Google Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being...
Google starts taking down CryptBot malware infrastructure
A court order has been granted to Google to take down the malware infrastructure associated with Cryptbot info stealer after...
Hackers use fake ‘Windows Update’ guides to target Ukrainian govt
The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian hackers are targeting various government bodies in the country with malicious...
US-CERT Vulnerability Summary for the Week of April 17, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Hackers target vulnerable Veeam backup servers exposed online
Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile...
