Hackers use VPN provider’s code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with...
News
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now
Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of...
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct...
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according...
WinRAR flaw lets hackers run programs when you open RAR archives
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can...
The Week in Ransomware – August 18th 2023 – LockBit on Thin Ice
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's...
Interpol arrests 14 suspected cybercriminals for stealing $40 million
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation...
Proxyjacking and Cryptomining Campaign Targets GitLab
Security researchers have discovered a new financially motivated cyber-threat campaign designed to make money from cryptomining and proxyjacking while staying...
Chinese Hackers Use DLL Hijacking to Target Asian Gamblers
Security researchers have spotted a new Chinese espionage campaign targeting Asian gambling companies, which they suspect is the work of...
UK’s AI Safety Summit Scheduled For Early November
The UK’s much-anticipated summit on AI safety will reportedly be held in November, with cybersecurity experts welcoming the government’s focus...
Interpol-Led Africa Cyber Surge II Nets 14 Cybercrime Suspects
A collaborative effort led by Interpol, known as Africa Cyber Surge II, has yielded significant results in combating cybercrime across...
QR Code Campaign Targets Major Energy Firm
A significant phishing campaign employing QR codes has recently come to light, with a major US-based energy company as one...
Cybersecurity Study Reveals Web App Vulnerability Crisis
A recent cybersecurity study has brought to light a concerning vulnerability crisis affecting web applications. CyCognito’s semi-annual State of External Exposure...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
14 Suspected Cybercriminals Arrested Across Africa in Coordinated Crackdown
A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced...
The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack
While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats)...
Google Chrome’s New Feature Alerts Users About Auto-Removal of Malicious Extensions
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert...
New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds...
New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft
A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect...
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the...
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular...
Hackers ask $120,000 for access to multi-billion auction house
Hackers claim to have breached the network of a major auction house and offered access to whoever was willing to...
Phishing campaign steals accounts for Zimbra email servers worlwide
An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration...
