New CISA tool detects hacking activity in Microsoft cloud services
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs...
News
BlackGuard stealer now targets 57 crypto wallets, extensions
A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities like USB propagation, persistence...
City of Toronto confirms data theft, Clop claims responsibility
City of Toronto is among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city...
WordPress force patching WooCommerce plugin with 500K installs
Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of...
US-CERT Vulnerability Summary for the Week of March 13, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's...
Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of...
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps
An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications...
2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate...
US-CERT Vulnerability Summary for the Week of March 13, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics
German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using...
PoC exploits released for Netgear Orbi router vulnerabilities
Proof-of-concept exploits for vulnerabilities in Netgear’s Orbi 750 series router and extender satellites have been released, with one flaw a...
Hackers inject credit card stealers into payment processing modules
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding...
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day...
Dole discloses employee data breach after ransomware attack
Fresh produce giant Dole Food Company has confirmed threat actors behind a February ransomware attack have accessed the information of...
Facebook accounts hijacked by new malicious ChatGPT Chrome extension
A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over...
North Korean hackers using Chrome extensions to steal Gmail emails
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence...
CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of...
New ‘Bad Magic’ Cyber Threat Disrupts Ukraine’s Key Sectors Amid War
Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have...
Preventing Insider Threats in Your Active Directory
Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes...
NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in...
ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to...
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with...
New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in...
