The state of cryptojacking in the first three quarters of 2022
Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and...
News
Apple out-of-band patches fix remote code execution bugs in iOS and macOS
Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library....
Researchers warn of malicious packages on PyPI using steganography
Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files....
A bug in ABB Totalflow flow computers exposed oil and gas companies to attack
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to...
APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity
Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in...
Lenovo warns of flaws that can be used to bypass security features
Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo...
Cybersecurity threats: what awaits us in 2023?
Knowing what the future holds can help with being prepared for emerging threats better. Every year, Kaspersky experts prepare forecasts...
4 Types of Cyber Crime Groups
Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and...
Hack the Real Box: APT41’s New Subgroup Earth Longzhi
We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This...
Surveillance vendor exploited Samsung phone zero-days
Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed...
Experts observed Amadey malware deploying LockBit 3.0 Ransomware
Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency...
Microsoft Patch Tuesday updates fix 6 actively exploited zero-days
Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for...
VMware fixes three critical flaws in Workspace ONE Assist
VMware address three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate...
DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework
This report provides defenders and security operations center teams with the technical details they need to know should they encounter...
Hybrid Cloud Management Security Tools
Explore hybrid cloud management security challenges, components, and tips to minimize your cyber risk. If you like the site, please...
Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw
Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging...
SmokeLoader campaign distributes new Laplas Clipper malware
Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble...
Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom
Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as...
US DoJ seizes $3.36B Bitcoin from Silk Road hacker
The U.S. Department of Justice condemned James Zhong, a hacker who stole 50,000 bitcoins from the Silk Road dark net...
DDoS attacks in Q3 2022
News overview In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news...
Are Containers Affected by OpenSSL Vulnerabilities?
Find out if your container-based applications are vulnerable to the new OpenSSL vulnerabilities and the recommendations to help ensure you...
US-CERT Bulletin (SB22-311):Vulnerability Summary for the Week of October 31, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
‘Justice Blade’ Hackers are Targeting Saudi Arabia
Threats actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling...
Robin Banks phishing-as-a-service platform continues to evolve
The phishing-as-a-service (PhaaS) platform Robin Banks migrated its infrastructure to DDoS-Guard, a Russian bulletproof hosting service. The phishing-as-a-service (PhaaS) platform Robin...
