XLoader MacOS Malware Variant Returns With OfficeNote Facade
The notorious XLoader malware has resurfaced, posing as a seemingly innocuous office productivity app named “OfficeNote.”Known for its malicious activities...
cybersecurity
WinRAR Vulnerability Affects Traders Worldwide
Cybersecurity researchers have exposed a zero-day vulnerability (CVE-2023-38831) in the popular WinRAR compression tool, which cyber-criminals have exploited to target...
Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks
Check Point Research has released its 2023 Mid-Year Security Report. The research reveals a concerning 8% surge in global weekly...
Doubling of Identity Theft Victims With Suicidal Thoughts
Some 16% of American identity theft victims have had suicidal thoughts following their experiences, up from just 8% in 2020,...
Carderbee hacking group hits Hong Kong orgs in supply chain attack
Image: Midjourney A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions...
New HiatusRAT malware attacks target US Defense Department
In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in...
Scraped data of 2.6 million Duolingo users released on hacking forum
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted...
Akira ransomware targets Cisco VPNs to breach organizations
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate...
Sneaky Amazon Google ad leads to Microsoft support scam
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks...
Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in...
Japanese watchmaker Seiko breached by BlackCat ransomware gang
The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese...
TP-Link smart bulbs can let hackers steal your WiFi password
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo...
Cuba ransomware uses Veeam exploit against critical U.S. organizations
Image: Midjourney The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT...
Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. The move has generated a fair...
Hackers use VPN provider’s code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with...
WinRAR flaw lets hackers run programs when you open RAR archives
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can...
The Week in Ransomware – August 18th 2023 – LockBit on Thin Ice
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's...
Interpol arrests 14 suspected cybercriminals for stealing $40 million
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation...
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular...
Hackers ask $120,000 for access to multi-billion auction house
Hackers claim to have breached the network of a major auction house and offered access to whoever was willing to...
Phishing campaign steals accounts for Zimbra email servers worlwide
An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration...
Triple Extortion Ransomware and the Cybercrime Supply Chain
Ransomware attacks continue to grow both in sophistication and quantity. 2023 has already seen more ransomware attacks involving data exfiltration...
Thousands of Android APKs use compression trick to thwart analysis
Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression...
Phishing Spree Targets Zimbra Collaboration Account Holders
Cybersecurity researchers at ESET have exposed an ongoing mass-spreading phishing campaign that explicitly targets Zimbra Collaboration email server users. The...
