0 Comments
The threat actor known as Webworm has been linked to several Windows–based remote access Trojans, suggests a new advisory by Symantec, a subsidiary of Broadcom Software. The group reportedly developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT and 9002 RAT.  The first of these tools, first spotted in 2005, is a
0 Comments
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+.  We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.    And those concerns have merit. Last year,
0 Comments
The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. “Initial malicious activity originated from a Mitel appliance sitting on the network perimeter,” researchers from cybersecurity firm Arctic Wolf said in a report published
0 Comments
Worok takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia ESET researchers have revealed their findings about a previously unknown cyberespionage group that they named Worok. This APT group takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia, but
0 Comments
Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity in airplanes. The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec. “After performing reverse engineering of the firmware, we
0 Comments
by Paul Ducklin Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers
0 Comments
Summary Pass-through authentication (PTA) is one of the Azure Active Directory (Azure AD) hybrid identity authentication methods. PTA relies on PTA agents installed on one or more on-premises servers. Azure AD uses a certificate-based authentication (CBA) to identify each agent. In May 2022, Secureworks® Counter Threat Unit™ (CTU) researchers analyzed how the protocols used by
0 Comments
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a
0 Comments
A group of threat actors previously associated with the ShadowPad remote access Trojan (RAT) has adopted a new toolset to conduct campaigns against various government and state–owned organizations across multiple Asian countries.  The news comes from the Threat Hunter Team at Symantec, who published a new advisory about the threats earlier today. According to the document,
0 Comments
China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at
0 Comments
A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (IRGC),
0 Comments
Security researchers have linked multiple ransomware campaigns to DEV–0270 (also known as Nemesis Kitten). The threat actor, widely considered a sub–group of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new write–up by Microsoft. However, judging from the threat actor’s geographic and sectoral targeting (which often
0 Comments
The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. “Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government
0 Comments
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions.  The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report. “Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT
0 Comments
It’s too bad cybercriminals don’t funnel their creativity into productive pursuits because they’re constantly coming up with nefarious new ways to eke out money and information from unsuspecting people. One of their newest schemes is called synthetic identity theft, a type of identity theft that can happen to anyone. Luckily, there are ways to lower
0 Comments
Multiple security vulnerabilities have been disclosed in Baxter’s internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. “Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a coordinated advisory. Infusion pumps
0 Comments
On April 20, 2022, Rapid7 discovered vulnerabilities in two TCP/IP–enabled medical devices produced by Baxter Healthcare. The flaws, four in total, affected the company’s SIGMA Spectrum Infusion Pump and SIGMA WiFi Battery. Almost five months after Rapid7 first reported the issues to Baxter, the companies are now revealing they have worked together to discuss the