Inside Apple: How Apple’s attitude impacts security
Last week saw the fourth occurrence of the Objective by the Sea (OBTS) security conference, which is the only security...
News
New Yanluowang ransomware used in highly targeted attacks on large orgs
Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from...
Apple silently fixed iOS zero-day without crediting the expet who reported it
Apple has silently addressed a zero-day vulnerability that could allow attackers to gain access to sensitive user data. Apple has...
MyKings botnet operators already amassed at least $24 million
The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge...
“Free Steam game” scams on TikTok are Among Us
TikTok has long since evolved beyond being thought of as “just” dance clips, also becoming a home for educational and...
Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday
Yesterday we told you about Apple’s latest patches. Today we turn to Microsoft and its Patch Tuesday. Microsoft tends to...
Dutch police warn customers of a popular DDoS booter service
Dutch police warn customers of a distributed denial-of-service (DDoS) website of stopping using the service to avoid prosecution. Dutch police...
Crooks use math symbols to evade anti-phishing solutions
Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity...
Chinese APT IronHusky use Win zero-day in recent wave of attacks
A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A...
MysterySnail attacks with Windows zero-day
Executive Summary In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of...
SAS 2021: Learning to ChaCha with APT41
Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth (PwC) will be giving some insights about...
SAS 2021: Fireside chat with Chris Bing
How to build up a fascinating story from a hardcore APT report? Where to find details and how to work...
SAS 2021: Operation Software Concepts
During the ‘Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon‘ talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and...
Necro botnet now targets Visual Tools DVRs
The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves, it now includes a recently published PoC exploit for Visual Tools DVR....
Adobe addresses four critical flaws in its products
Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates...
Ransom Disclosure Act would mandate ransomware payment reporting
In an effort to better understand and clamp down on the ransomware economy and its related use of cryptocurrencies, US...
Olympus US was forced to take down computer systems due to cyberattack
Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a...
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the...
ExpressVPN made a choice, and so did I: Lock and Code S02E19
On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber...
GitKraken flaw lead to the generation of weak SSH keys
Git GUI client GitKraken team fixed a flaw that lead to the generation of weak SSH keys, users are recommended...
The joy of phishing your employees
Many companies set up phishing test programs for their employees, often as part of a compliance requirement involving ongoing employee...
Inside Apple: How macOS attacks are evolving
The start of fall 2021 saw the fourth Objective by the Sea (OBTS) security conference, which is the only security...
Microsoft mitigated a record 2.4 Tbps DDoS attack in August
Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August,...
US-CERT Bulletin (SB21-284):Vulnerability Summary for the Week of October 4, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
