0 Comments
Multiple Russian influence networks have been running disinformation and influence campaigns since May designed to sow division in the West over its support for Ukraine, according to Recorded Future. These efforts are being conducted by “state-controlled media, known covert intelligence outlets, and known propaganda and disinformation amplifiers” including ‘legitimate’ broadcasters like RT, disinformation outlets like Southfront,
0 Comments
Researchers have disclosed a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. “This was done using automation which includes
0 Comments
Google has released an update to its popular Chrome browser to fix four vulnerabilities, including one zero-day current being exploited by attackers. The new Chrome version 103.0.5060.114 will be rolled out to Windows users over the coming days and weeks, according to a Google advisory. It includes the high severity CVE-2022-2294, a heap buffer overflow bug in
0 Comments
In the spirit of #PrideMonth, McAfee hosted month-long celebrations across the world. One of these was a live event hosted by the McAfee Pride Community with a guest speaker from the Resource Center that focused on the history of Pride, support, allyship, and belonging. We took a moment to ask our event guest speaker, Leslie
0 Comments
July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. Today, ImmuniWeb announced
0 Comments
The British army’s Twitter and YouTube accounts were compromised by a malicious third party on Sunday and used to direct visitors to cryptocurrency scams. The Ministry of Defence (MoD) press office account took to Twitter at around 7pm local time to report the incident. “We are aware of a breach of the army’s Twitter and
0 Comments
Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. “The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties,” it said. “In under 24 hours, we worked quickly to
0 Comments
Kaspersky security experts have discovered new malware targeting Microsoft Exchange servers belonging to several organizations worldwide. Dubbed “SessionManager” and first spotted by the company in early 2022, the backdoor enables threat actors to keep “persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.” According to Kaspersky, once propagated, SessionManager would enable
0 Comments
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its “complex multi-step attack flow” and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their
0 Comments
Human negligence, cyber skills gaps and disinterested C-level execs are putting manufacturing firms at an escalated risk of serious breaches, according to Capgemini. The global consultancy collected responses from cybersecurity leaders in 950 organizations to compile its report, Smart & Secure: Why smart factories need to prioritize cybersecurity. It revealed that while over half (51%) of respondents
0 Comments
Security researchers have uncovered a likely state-sponsored information-stealing operation targeting SOHO workers over the past two years. Coinciding with the shift to mass remote working during the pandemic, the operation was focused on accessing corporate resources via less well-protected home routers, according to Lumen Technologies. It targeted at least scores of SOHO devices from manufacturers including