Jan 19, 2024 | Newsroom | Malware / Endpoint Security | Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. “These applications are being hosted on Chinese pirating websites in order to gain victims,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. “Once detonated, the malware
Month: January 2024
Cybersecurity researchers at Proofpoint have identified the resurgence of TA866 in email threat campaigns after a hiatus of nine months. Writing in an advisory published today, the firm said it thwarted a large-scale campaign on January 11 involving several thousand emails primarily targeting North America. The malicious emails, adopting an invoice-themed guise, were equipped with
Scams, Digital Security | Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal | Phil Muncaster | 17 Jan 2024 • 5 min. read | If you’re on social media or use Google Shopping, the chances are you’ve
Jan 18, 2024 | Newsroom | Server Security / Cryptocurrency | Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. “This is the first documented case of malware deploying the 9Hits application as a payload,”
The heightened utilization of AI tools and potential vulnerabilities in gaming have been identified as crucial cybersecurity concerns for children in 2024, according to a new report by Kaspersky. The document, published today, also highlights the growth of FinTech for young people, the rising popularity of smart home devices and the challenge of balancing children’s
Business Security | By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk | Phil Muncaster | 16 Jan 2024 • 5 min. read | Cloud computing is an essential component of today’s digital landscape. IT infrastructure, platforms and software are more likely to
Jan 17, 2024 | Newsroom | Financial Data / Vulnerability | The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland,
Cybersecurity experts have uncovered the active exploitation of CVE-2023-36025, which also led to the dissemination of a new strain of malware called Phemedrone Stealer. This malware explicitly targets web browsers and collects data from cryptocurrency wallets and messaging applications like Telegram, Steam and Discord. Additionally, Phemedrone gathers system information, including hardware details and location, sending
Jan 16, 2024 | Newsroom | Vulnerability / Network Security | Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths
Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices. Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day, approximately 10,000 such devices engaged in malicious reconnaissance scanning last year, with
Jan 15, 2024 | Newsroom | Vulnerability / Browser Security | Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the
A vulnerability has been discovered in a popular Bosch smart thermostat, allowing potential attackers to send commands to the device and replace its firmware, according to Bitdefender. The vulnerability impacts the Wi-Fi microcontroller that acts as a network gateway for the thermostat’s logic microcontroller. The Bosch smart thermostat products BCC101, BCC102 and BCC50, from version
Jan 14, 2024 | Newsroom | Cyber Attack / Vulnerability | The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one which exploited a
Cybercriminals are exploiting employee desires for job satisfaction and organizations’ promise of benefits with a flurry of phishing scams. Pay raises, promotions, holiday bonuses and other ‘life-impacting’ updates are attractive phishing lures, email security provider Cofense warned in a January 10 blog post. A typical approach is to embed links to commodity software used by
Video | The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC’s X account right ahead of the much-anticipated decision about Bitcoin ETFs | 12 Jan 2024 | The US Securities and Exchange Commission’s (SEC) X account was hacked this week to post an unauthorized tweet
Jan 13, 2024 | Newsroom | Vulnerability / Network Security | Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged critical infrastructure organizations to address vulnerabilities affecting nine industrial control systems (ICS) products. The report, dated January 11, 2024, highlighted a series of high and critical severity vulnerabilities in products widely used in sectors like energy, manufacturing and transportation. Users and administrators in these sectors
Business Security | How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks | Mario Micucci | 11 Jan 2024 • 4 min. read | In the untold expanse of online information and communication, the ability to find the signal in the noise and discern the authenticity of data
Jan 12, 2024 | Newsroom | Vulnerability / Threat Intelligence | As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. “These families allow the threat actors to circumvent authentication and provide backdoor access to these devices,”
Fidelity National Financial (FNF) has revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack it suffered in 2023. The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated
Mobile Security | WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride. | Phil Muncaster | 10 Jan 2024 • 5 min. read | Mobile applications make the world go round. Instant communication services are among the most popular apps on iOS and Android alike – US
Jan 11, 2024 | Newsroom | Cybersecurity / Software Security | The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network
Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. In its 2023 Adversary Infrastructure Report, published on January 9, 2024, Recorded Future analyzed the effect of three malware takedown operations that took place in 2023 or before: The Emotet
We Live Progress | Is AI companionship the future of not-so-human connection – and even the cure for loneliness? | Imogen Byers | 09 Jan 2024 • 7 min. read | Modern technology permeates almost every facet of our lives, shaping our day-to-day in ways both subtle and obvious – and indeed in ways we probably never anticipated.
Jan 10, 2024 | Newsroom | Server Security / Cryptocurrency | A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. “The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself
A critical vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations. The plugin is widely recognized for its diverse AI-related functionalities, allowing users to create chatbots, manage content and utilize various AI tools such as translation, SEO and more. According to an advisory
Jan 09, 2024 | Newsroom | Malware / Cyber Threat | A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot’s operators ran phishing campaigns, targeting victims via its two components — a loader and a core module — which enabled unauthorized remote access and allowed the
Security researchers have recently unveiled strategic insights into countering .NET malware through the innovative use of the Harmony library. The research, published earlier today, explores the significance of code manipulation in malware analysis, emphasizing its pivotal role for researchers, analysts and reverse engineers. Traditionally, code functionality is altered through debugging, Dynamic Binary Instrumentation (DBI) or
Jan 08, 2024 | Newsroom | Malware / Cybercrime | Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications. “The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said
In a landmark move, the US National Institute of Standards and Technology (NIST) has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on January 4, 2024, in which it established a standardized approach to characterizing and defending against cyber-attacks on