BlackByte ransomware v2 is out with new extortion novelties
A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones....
News
Apple fixed two new zero-day flaws exploited by threat actors
Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS,...
PoC exploit code for critical Realtek RCE flaw released online
Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC...
Black Hat USA 2022 and DEF CON 30
Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference DEF CON 30. The DEF...
China-linked RedAlpha behind multi-year credential theft campaign
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed...
Analyzing the Hidden Danger of Environment Variables for Keeping Secrets
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for...
Protecting S3 from Malware: The Cold Hard Truth
Cloud object storage is a core component of any modern application, but most cloud file storage security is insufficient. If...
US-CERT Bulletin (SB22-227):Vulnerability Summary for the Week of August 8, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Bugdrop dropper includes features to circumvent Google’s security Controls
Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that’s still under development. Recently, researchers from ThreatFabric discovered a...
Google fixed a new Chrome Zero-Day actively exploited in the wild
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this...
North Korea-linked APT targets Job Seekers with macOS malware
The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1...
ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data
Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret...
Zoom fixed two flaws in macOS App that were disclosed at DEF CON
Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week...
Two more malicious Python packages in the PyPI
On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most...
Threat in your browser: what dangers innocent-looking extensions hold for users
Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do...
What Exposed OPA Servers Can Tell You About Your Applications
This blog entry discusses what an OPA is and what it’s for, what we’ve discovered after identifying 389 exposed OPA...
Top Five Patch Management & Process Best Practices
Explore the top patch management best practices to mitigate the growing threat of vulnerability exploits in your organization. If you...
Clop gang targeted UK drinking water supplier South Staffordshire Water
A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily....
Russia-linked Gamaredon APT continues to target Ukraine
Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive...
Phone numbers of 1,900 Signal users exposed as a result of Twilio security breach
For about 1,900 users, Twilio hackers could have attempted to re-register their number to another device or learned that their...
IT threat evolution in Q2 2022. Mobile statistics
IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022....
IT threat evolution in Q2 2022. Non-mobile statistics
IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022....
IT threat evolution Q2 2022
IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022....
Microsoft disrupts SEABORGIUM ’s ongoing phishing operations
Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. The Microsoft Threat Intelligence Center...
