Google has bolstered the security of Android devices with a significant update to Google Play Protect. According to the tech giant, this development is in response to the growing prevalence of cyber-threats targeting mobile devices. Google Play Protect is an existing security feature that scans approximately 125 billion apps daily for malware and unwanted software.
Month: October 2023
ESET Research ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting 17 Oct 2023 • , 3 min. read Much like the life and mysterious demise of Pharaoh Tutankhamun, also known as King Tut, the threat landscape in Latin America (LATAM) remains shrouded in mystery.
Oct 19, 2023NewsroomCyber Threat / Vulnerability A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user
Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed “TetrisPhantom.” The persistent operation has specifically targeted government institutions in the Asia-Pacific region (APAC), utilizing a unique method involving secure USB drives for data infiltration. Kaspersky’s findings are part of their latest quarterly APT threat landscape report. The clandestine campaign, which
Oct 18, 2023NewsroomData Breach / Network Security Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is “low-sensitivity and semi-public information.” “The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as
Unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability. Writing on Infosec Exchange last Thursday, Sophos X-Ops’ incident responders described an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group. The attack reportedly utilized a stolen LockBit 3.0 builder to create ransomware payloads. Despite Progress
Oct 17, 2023NewsroomCyber Attack / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors “interfered” with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to service interruptions for customers. The
A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet. The vulnerability, discussed by Patchstack security researcher Rafie Muhammad in an advisory published today,
Oct 16, 2023NewsroomBlockchain / Malware Threat actors have been observed serving malicious code by utilizing Binance’s Smart Chain (BSC) contracts in what has been described as the “next level of bulletproof hosting.” The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing
Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links. The campaign was active between July and August 2023 and involved various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries. The financial, manufacturing and energy sectors are
Video Why keeping software up to date is a crucial security practice that should be followed by everyone from individual users to SMBs and large enterprises 13 Oct 2023 This week, the US Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing solid evidence of active
Oct 14, 2023NewsroomAuthentication / Endpoint Security Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. “The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on
The UK’s financial regulator has fined Equifax Ltd. over £11m ($13.4m) for failing to protect UK consumer data stolen in the notorious 2017 data breach. The Financial Conduct Authority (FCA) announced the financial penalty on October 13, 2023. The FCA stated that Equifax’s UK business failed to take appropriate action to protect the personal data
Business Security How CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiatives Phil Muncaster 11 Oct 2023 • , 4 min. read Building a safer digital world requires action on several fronts. Initiatives like Cybersecurity Awareness Month (CSAM) are great opportunities to remind the general public of important
Oct 13, 2023NewsroomEndpoint Security / Cyber Attack European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void
CISO salary growth has slowed with 20% receiving no raise at all in 2023, according to a new study by IANS Research and Artico Search. The research found an average total compensation increase of 11% over the past 12 months. This represents a reduction of 14% from the previous year. The average base salary increase
Cybercrime Security researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attack Cameron Camp 11 Oct 2023 • , 3 min. read Squashing malware groups involves imposing steep costs on small ad hoc groups. But those actions are slowly
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report
In a recent security alert, the team behind the popular open-source tool curl has announced the release of fixes for two vulnerabilities: CVE-2023-38545 and CVE-2023-38546. Today’s release marks a crucial step in addressing these security concerns. Curl, a command-line tool for data transfer supporting various network protocols, plays a vital role in countless applications, with
Digital Security Late nights at VB2023 featured intriguing interactions between security experts and the somewhat enigmatic world of grayware purveyors Cameron Camp 10 Oct 2023 • , 3 min. read Late night at VB2023 is when the goblins come out – crafted visages of carefully-played fans cum lures foisted by the industry of potentially unwanted
Oct 12, 2023NewsroomVulnerability / Software Security Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows – CVE-2023-38545 (CVSS score: 7.5) – SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546 (CVSS score: 5.0) – Cookie
Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv. The breach exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv
FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign. Discovered in September and described in an advisory published on Monday, the new campaign has reportedly rapidly updated its arsenal of exploits, incorporating 13 distinct payloads, targeting various vulnerabilities across different Internet of Things (IoT)
Social Media One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them. Phil Muncaster 06 Oct 2023 • , 5 min. read Some 4.5 billion people worldwide, or almost 55 percent of the global population, have
Digital Security Your preparedness to deal with cyberattacks is key for lessening the impact of a successful incident – even in home and small business environments Tony Anscombe 09 Oct 2023 • , 3 min. read Cybersecurity Awareness Month (CSAM) is upon us again. Much like European Cyber Security Month (ECSM), this important initiative is
Oct 10, 2023NewsroomServer Security / Vulnerability Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative
Oct 11, 2023NewsroomCyber Attack / Vulnerability Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant’s threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. “CVE-2023-22515
Video The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine 06 Oct 2023 This week, ESET researchers released their findings about a cyberespionage campaign that took aim at a Guyanese governmental entity. Named Operation Jacana by ESET, the campaign deployed a
Two leading US government security agencies have shared the top 10 most common cybersecurity misconfigurations, in a bid to improve baseline security among public and private sector organizations. The report from the NSA and Cybersecurity and Infrastructure Security Agency (CISA) was compiled from their red and blue team assessments, as well agency hunt and incident
Oct 06, 2023NewsroomCyber Attack / Malware Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial