Security

Internet security experts have detected and blocked nearly 13,000 fake investment platform domains across more than 7000 IPs in January 2024, a 25% increase from December 2023. The figure comes amid growing concerns over the escalating threat of online investment scams, which continue to prey on unsuspecting individuals worldwide.  According to data from the Federal Trade

A recent study conducted by Kaspersky Security Assessment experts has revealed the most prevalent vulnerabilities in corporate web applications developed in-house. Spanning the years between 2021 and 2023, the study identified numerous flaws, predominantly in the realms of access control and data protection, across a significant number of applications. Of particular concern were vulnerabilities related

Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN.  The flaws, identified as CVE-2023-46805 and CVE-2023-21887, were quickly exploited by multiple threat actors, leading to various malicious activities. Tracking these exploits, the Check Point Research (CPR) team said it encountered a cluster of activities attributed

A sophisticated cyber-espionage campaign by the China-aligned APT group Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) has been observed targeting Tibetans across various countries and territories.  The operation, which has been ongoing since at least September 2023, exploits both a targeted watering hole tactic and a supply-chain compromise involving trojanized installers of Tibetan

UnitedHealth Group has published a timeline to restore Change Healthcare’s systems following the BlackCat/ALPHV ransomware attack, which has led to delays to patient care across the US. The healthcare conglomerate, which owns Change Healthcare, said it expects key pharmacy and payment systems to be restored and available by March 18. In the meantime, UnitedHealth is

A novel phishing campaign leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols, new research from Darktrace has revealed. The attack highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing log in credentials. The findings also show how attackers are becoming adept at evading standard security

Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware.  The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on

The TA4903 group has been observed engaging in extensive spoofing of both US government agencies and private businesses across various industries. While primarily targeting organizations within the United States, TA4903 occasionally extends its reach globally through high-volume email campaigns. The overarching objective of these campaigns, as reported by Proofpoint in a new advisory published today, is

The hacking group GhostSec has seen a significant increase in its malicious activities over the past year, according to research conducted by Cisco Talos.  This surge includes the emergence of GhostLocker 2.0, a new variant of ransomware developed by the group using the Golang programming language.  GhostSec, in collaboration with the Stormous ransomware group, has

Researchers have developed a computer worm that targets generative AI (GenAI) applications to potentially spread malware and steal personal data. The new paper details the worm dubbed “Morris II,” which targets GenAI ecosystems through the use of adversarial self-replicating prompts, leading to GenAI systems delivering payloads to other agents. Once unleashed, the worm is stored

The UK Home Office has breached data protection law by using electronic tags to monitor migrants, according to the Information Commissioner’s Office (ICO). The regulator said the government department failed to sufficiently assess the privacy intrusion of the continuous collection of individuals’ location information. It noted that 24/7 access to people’s movement is likely to

Read more on Ivanti vulnerabilities: Eight government agencies from the Five Eyes countries (Australia, Canada, New Zealand, the UK, and the US) issued an urgent warning on February 29 about the active exploitation of Ivanti product vulnerabilities. Specifically, the joint advisory assessed that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure

US President Joe Biden has warned that Chinese manufactured automobiles could be used to steal sensitive data of US citizens and critical infrastructure. The White House statement announced it will be conducting an investigation into the impact of “connected vehicles” containing technology from China on US national security. “I have directed my Secretary of Commerce

Leading drug distributor Cencora has disclosed a cybersecurity incident where data from its information systems was compromised, potentially containing personal information.  The breach was discovered on February 21 2024, according to a Securities and Exchange Commission (SEC) filing published on the same day. “Upon initial detection of the unauthorized activity, the Company immediately took containment steps

A joint Cybersecurity Advisory (CSA) issued by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command and international partners has raised alarms regarding Russian state-sponsored cyber actors’ exploitation of compromised Ubiquiti EdgeRouters. Identified as the Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center (GTsSS), these actors, also known

France’s National Cybersecurity Agency (ANSSI) observed a significant rise in cyber espionage campaigns targeting strategic organizations in 2023. These operations are increasingly focused on individuals and non-governmental structures that create, host or transmit sensitive data, ANSSI observed in its 2023 Cyber Threat Landscape report, published on February 27, 2024. Besides public administration, the primary targets

The White House has called on the tech industry to adopt memory safe programming languages, eliminating most memory safety vulnerabilities from hardware and software. The report by the Office of the National Cyber Director (ONCD) noted that memory safety vulnerabilities are one of the “most pervasive” classes of bugs. Up to 70% of security vulnerabilities

Almost four in five (78%) of organizations who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor, according to Cybereason’s Ransomware: The Cost to Business Study 2024. Nearly two-thirds (63%) of these organizations were asked to pay more the second time. Of the 78% breached a second

Serco Leisure has been ordered to stop using facial recognition technology (FRT) and fingerprint scanning to monitor employee attendance by the UK’s data protection enforcement authority. The Information Commissioner’s Office (ICO) said the company unlawfully processed biometric data of more than 2000 employees across 38 sporting and leisure facilities under UK data protection law. Serco

Read more about LockBit Ransomware: LockBit Takedown: What You Need to Know about Operation Cronos LockBit Infrastructure Disrupted by Global Law Enforcers LockBit and Royal Mail Ransomware Negotiation Leaked LockBit Remains Top Global Ransomware Threat “We know who he is. We know where he lives. We know how much he is worth. LockbitSupp has engaged

Cybersecurity experts at Kaspersky have uncovered a new phishing campaign that specifically targets small and medium-sized businesses (SMBs).  The attack method involves exploiting the email service provider (ESP) SendGrid to gain access to client mailing lists, subsequently utilizing stolen credentials to send out convincing phishing emails. These emails are crafted to appear authentic, posing a

Over 40% of companies globally are struggling to fill critical cybersecurity roles, particularly in information security research and malware analysis, as highlighted by a recent report from Kaspersky. This shortage is particularly acute in Europe, Russia and Latin America. Additionally, security operations center (SOC) and security assessment and network security roles are understaffed, with figures

Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories.  This trend encompasses a wide array of malicious activities, including hosting command-and-control (C2) infrastructure, storing stolen data and disseminating various forms of malware.  In a recent discovery, ReversingLabs reverse engineer Karlo Zanki uncovered two suspicious packages on the Python

The Anatsa banking Trojan campaign has been observed increasingly targeting European banks, according to new data by ThreatFabric researchers. Since its reemergence in November 2023, the Anatsa campaign has manifested in five distinct waves, targeting various regions, including Slovakia, Slovenia and Czechia, alongside previously affected areas like the UK, Germany and Spain.  Notably, the campaign

PDF threats are on the rise with cybercriminals spreading malware, including WikiLoader, Ursnif and DarkGate, through PDFs, a new report by HP Wolf Security has found. The company’s analysis saw a 7% rise in PDF threats in Q4 2023, compared to Q1 of the same year. It noted that previously PDF lures have been used

Organizations based in the EU are being targeted by spear phishing campaigns leveraging EU political and diplomatic events, according to the bloc’s Computer Emergency Response Team (CERT-EU). In its Threat Landscape Report 2023, published on February 15, 2024, CERT-EU found that lures exploiting the EU agenda have been rife in 2023. “In recent years, 2023

Read more on Ivanti vulnerabilities: Bad news continues to pile up for Utah-based IT software provider Ivanti as a new vulnerability has been discovered in its products. On February 8, Ivanti disclosed a new authentication bypass vulnerability impacting its Connect Secure, Policy Secure, and ZTA gateways. This new vulnerability, identified as CVE-2024-22024, is the latest

A recent study conducted by the FortiGuard team has shed light on a sophisticated malware distribution strategy observed throughout 2023.  In a technical write-up published on Wednesday, the team identified a series of malware droppers dubbed the “TicTacToe dropper,” which were utilized to deliver various malicious payloads to victims.  These droppers, designed to obscure the final-stage

The Trend Micro Zero Day Initiative (ZDI) has recently unearthed a critical vulnerability, identified as CVE-2024-21412, which they’ve dubbed ZDI-CAN-23100.  The flaw was reported to Microsoft as part of a Microsoft Defender SmartScreen bypass utilized in a complex zero-day attack chain orchestrated by the APT group known as Water Hydra (AKA DarkCasino). Their targets were

Southern Water has confirmed that personal data of both customers and employees has been accessed in a recent ransomware attack. The UK water supplier revealed that it plans to notify 5-10% of its customer base to inform them that their personal information has been impacted. With the firm serving around 4.6 million customers in Southern