New Checkmate ransomware target QNAP NAS devices
Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese...
News
Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines
We investigate cloud-based cryptocurrency miners that leverage GitHub Actions and Azure virtual machines, including the cloud infrastructure and vulnerabilities that...
Large-scale cryptomining campaign is targeting the NPM JavaScript package repository
Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency...
North Korea-linked APTs use Maui Ransomware to target the Healthcare industry
US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare...
ENISA released the Threat Landscape Methodology
I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers,...
Google to delete location data of trips to abortion clinics
The historical overturning of Roe v. Wade in June prompted lawmakers and technology companies to respond with deep concern over...
OrBit, a new sophisticated Linux malware still undetected
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer...
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE
The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution....
Dynamic analysis of firmware components in IoT devices
Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices....
Marriott International suffered a new data breach, attackers stole 20GB of data
Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain...
ICS & OT Cybersecurity Attack Trends
We explore Trend Micro’s latest research into industrial cybersecurity, including the impact of attacks, maturity of security programs, and recommendations...
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google...
Data Distribution Service: An Overview Part 1
In this three-part blog series, we’ll look into Data Distribution Service, why it is critical, and how you can mitigate...
Cyberattacks against law enforcement are on the rise
Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los...
Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild
Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks...
NCSC urges organisations to prepare for the long haul on Russia-Ukraine
NCSC urges organisations to prepare for the long haul on Russia-Ukraine UK organisations offered guidance on maintaining cyber security staff...
TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
Brendan Carr, the commissioner of the FCC (Federal Communications Commission), called on the CEOs of Apple and Google to remove...
New Hive ransomware variant is written in Rust and use improved encryption method
Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method....
Insider Threat: Employees indicted for stealing $88 million of license keys
Two insiders and an accomplice were indicted on Tuesday for multiple counts of fraud. According to documents unsealed by the...
Malicious NPM packages used to grab data from apps, websites
Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered...
Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro
Iran’s Fars News Agency reported that a massive cyberattack hit operating systems and servers of the Tel Aviv Metro. Iran’s...
Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict
The Cyber Police of Ukraine arrested nine members of a cybercriminal gang that has stolen 100 million hryvnias via phishing...
Threat actors compromised British Army ’s Twitter, YouTube accounts to promote crypto scams
Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and...
HackerOne insider fired for trying to claim other people’s bounties
The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal...
