Security researchers flagged hundreds of fake apps to Google last year, warning that millions of users may have unwittingly infected their devices with malware. Zscaler made the claims in its ThreatLabz 2024 Mobile, IoT, & OT Threat Report, which covers the period June 2023 to April 2024. The security vendor discovered over 200 malicious apps
Oct 14, 2024 | Ravie Lakshmanan | Network Security / Vulnerability. A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) as zero-days to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate
A shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors, Sophos has warned. The UK-headquartered security vendor polled 5000 IT and security professionals in 14 countries, 1402 of whom work in organizations with 100-500 employees, to compile its report: Addressing the cybersecurity skills shortage
Oct 13, 2024 | Ravie Lakshmanan. The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for
The US Customs and Border Protection (CBP) agency has been forced to release documentation on CBP One, its border control app accused of mishandling migrants’ personal data. In December 2022, digital rights advocacy organization Access Now submitted a Freedom of Information Act (FOIA) request in the US, seeking all records from the CBP One app’s
Video | ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities | 11 Oct 2024. This week, ESET researchers published the results of their probe into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic
Oct 12, 2024 | Ravie Lakshmanan | Cryptocurrency / Cybercrime. The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau
NHS England has posted an alert relating to a critical Veeam Backup & Replication vulnerability which is now under active exploitation by ransomware groups. Successful exploitation of the vulnerability (CVE-2024-40711) could lead to remote code execution (RCE), the alert noted. RCE could allow attackers to run code on a remote device without the need for
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC,
A new disinformation campaign, dubbed “Operation MiddleFloor,” has been observed targeting Moldova ahead of its October elections. Identified by Check Point Research (CPR), the campaign, which began in August 2024, seeks to influence Moldova’s national referendum on European Union membership by fostering negative views of the EU and the country’s pro-European leadership. Unlike many other
The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network – which uses Telekopye, a toolkit discovered by ESET Research in 2023 – has expanded its operations to
Oct 10, 2024 | Ravie Lakshmanan | Cybercrime / Disinformation. OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating
A privacy flaw in Apple’s new iPhone mirroring feature, introduced with macOS 15.0 Sequoia and iOS 18, has been identified. This bug, discovered by cybersecurity experts at Sevco, enables personal apps on an iPhone to be listed in a company’s software inventory when the feature is used on work computers, creating a significant privacy concern
Business Security | Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? | Tony Anscombe | 08 Oct 2024 | 5 min. read. It’s undeniable that cyber insurance and cybersecurity are intrinsically linked. One requires the other, and they are a perfect pairing, even if they may
Oct 09, 2024 | Ravie Lakshmanan | Cybercrime / Threat Detection. Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime
American Water, the largest publicly regulated water and wastewater utility in the US, disclosed on Monday that it had fallen victim to a cyber-attack, affecting certain internal systems. The New Jersey-based company, which provides essential water and wastewater services to over 14 million people across 14 states, said it moved quickly to secure its
Oct 08, 2024 | Ravie Lakshmanan | Zero-Day / Vulnerability. Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation
Universal Music Group (UMG), one of the world’s largest music corporations, has disclosed a data breach that occurred in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal
ESET researchers discovered a series of attacks on a governmental organization in Europe using tools capable of targeting air-gapped systems. The campaign, which we attribute to GoldenJackal, a cyberespionage APT group that targets government and diplomatic entities, took place from May 2022 to March 2024. By analyzing the toolset deployed by the group, we were
Oct 07, 2024 | Ravie Lakshmanan | IoT Security / Botnet. Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet “issued over 300,000 attack commands, with a shocking attack density” between September
Sellafield Ltd has been fined £332,500 ($437,440) for cybersecurity failings running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities – before they
A financially-motivated threat actor has been observed targeting organizations globally with a MedusaLocker ransomware variant, according to an analysis by Cisco Talos. The variant, known as “BabyLockerKZ,” has been around since at least late 2023, and this is the first time it has been specifically called out as a MedusaLocker variant. This variant uses the
Video | As highlighted by new ESET research this week, attributing a cyberattack to a specific threat actor is a complex affair | 04 Oct 2024. Attributing a cyberattack to a specific threat actor is no easy task, as highlighted by new ESET research published this week. ESET experts recently uncovered a new China-aligned APT group that
Oct 05, 2024 | Ravie Lakshmanan | Data Privacy / Mobile Security. Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords
Playbooks and tools are only as good as the people using them and a lack of trust and cooperation can derail even the most carefully crafted cyber response. Both technical teams and non-cyber business leaders must have the right skills and experiences to successfully deal with inevitable cyber incidents in an evolving threat landscape. The
Digital Security | Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices | Tony Anscombe | 01 Oct 2024 | 3 min. read. As we enter October, governments, non-profit organizations, cybersecurity vendors and many companies with corporate social responsibility teams are all likely gearing up to push out some
Oct 04, 2024 | Ravie Lakshmanan | Phishing Attack / Cybercrime. Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly
A new vulnerability in the LiteSpeed Cache plugin for WordPress has been identified that could allow unauthenticated attackers to inject malicious code into websites. The flaw, discovered by TaiYou from Patchstack’s bug bounty program, impacts the plugin’s CSS queue generation process and affects over six million active installations. The vulnerability, tracked as CVE-2024-47374, is an
ESET researchers observed several campaigns targeting governmental institutions in Thailand, starting in 2023. These attacks leveraged revamped versions of components previously attributed by other researchers to the China-aligned advanced persistent threat (APT) group Mustang Panda, and later, a new set of tools that abuse service providers such as Pastebin, Dropbox, OneDrive, and GitHub to execute