Conti ransomware gang started leaking files stolen from Bank Indonesia
The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank...
News
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection. If you like the site, please...
Codex Exposed: Task Automation and Response Consistency
Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer...
This Week in Security News – January 21, 2022
This week, read about various cybersecurity threats that affect industrial control and the Cybersecurity and Infrastructure Security Agency (CISA)’s latest cyberattack warnings....
CISA calls for urgent action against critical threats
In a CISA Insights bulletin the Cybersecurity & Infrastructure Security Agency (CISA) warns that every organization in the United States...
MoonBounce: the dark side of UEFI firmware
What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our...
Defending Users’ NAS Devices From Evolving Threats
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices. If you like the...
Cybersecurity for Industrial Control Systems: Part 2
To cap off the series, we’ll discuss malware detection and distribution in various countries. Our team also rounds up several...
Microservice Security: How to Proactively Protect Apps
Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at...
Red Cross begs attackers to “Do the right thing” after family reunion service compromised
Restoring Family Links is a program most commonly associated with The Red Cross. It’s been around since 1870, and aims...
Update now! Chrome patches critical RCE vulnerability in Safe Browsing
Google has issued an update for the Chrome browser which includes 26 security fixes. What stands out is that one...
Combatting SMS and phone fraud: UK government issues guidance
The UK’s National Cyber Secuity Centre (NCSC) has published a guide to help make your organization’s SMS and telephone messages...
Open Subtitles breach: The dangers of password reuse
Popular website Open Subtitles has been breached. The impact so far: almost seven million accounts “breached and ransomed” back in...
Steer clear of gift card balance scams
Rogue ads are a problem-causing menace which can strike in many ways. Malvertising often uses a combination of exploits to...
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
Main facts Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Operators of these campaigns hunt...
SolarWinds Serv-U bug exploited for Log4j attacks
SolarWinds has fixed a Serv-U vulnerability that threat actors actively exploited to carry out Log4j attacks to internal devices on...
New DDoS IRC Bot distributed through Korean webHard platforms
Researchers spotted an IRC bot written in GoLang that is being used to carry out DDoS attacks targeting users in Korea. Researchers...
UK NCSC shares guidance for organizations to secure their communications with customers
UK NCSC has published new guidance for organizations to secure their communications with customers via SMS or phone calls. UK’s...
CISA warns of potential critical threats following attacks against Ukraine
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about “potential critical threats” following the recent cyberattacks that hit...
Browsers on iOS, iPadOS and Mac leak your browsing activity and personal identifiers
Researchers at FingerprintJS, a Chicago-based firm that specializes in online fraud prevention, have published a software bug introduced in Safari...
Mac users, update now! “Powerdir” flaw could allow attackers to spy on you
If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research...
Campaign launched to delay social media end-to-end encryption
The many issues surrounding end-to-end encryption (E2EE) are ever-present. They usually spring up when something that could potentially affect the...
Box flaw allowed to bypass MFA and takeover accounts
A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability...
Cybercriminals’ friend VPNLab.net shut down by law enforcement
Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no...
