Google to Pay a record $391M fine for misleading users about the collection of location data
Google is going to pay $391.5 million to settle with 40 states in the U.S. for secretly collecting personal location...
News
Previously undetected Earth Longzhi APT group is a subgroup of APT41
Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian Countries. Early this...
Avast details Worok espionage group’s compromise chain
Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers...
Advanced threat predictions for 2023
It is fair to say that since last year’s predictions, the world has dramatically changed. While the geopolitical landscape has...
Massive Black hat SEO campaign used +15K WordPress sites
Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals....
KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials....
CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine
Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer...
Have board directors any liability for a cyberattack against their company?
Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit...
Ukraine Police dismantled a transnational fraud group that made €200 million per year
Ukraine’s Cyber Police and Europol arrested 5 Ukrainian citizens who are members of a large-scale transnational fraud group. Ukraine’s cyber...
Lockbit gang leaked data stolen from global high-tech giant Thales
The Lockbit 3.0 ransomware gang started leaking the information allegedly stolen from the global high-tech company Thales. Thales is a...
$1 billion of FTX customer funds have vanished, Reuters reported
Crypto exchange FTX appears to have been hacked, rumors state that attackers stole $600 million drained from the company’s wallets....
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan
Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers...
Canadian supermarket chain giant Sobeys suffered a ransomware attack
Sobeys, the second-largest supermarket chain in Canada, was he victim of a ransomware attack conducted by the Black Basta gang....
An initial access broker claims to have hacked Deutsche Bank
An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on...
CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS
This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used...
Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware
Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two...
Man charged for role in LockBit ransomware operation
The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S. Department of...
Researcher received a $70k award for a Google Pixel lock screen bypass
Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has...
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine
Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In Mid-October, Microsoft Threat Intelligence...
The state of cryptojacking in the first three quarters of 2022
Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and...
Apple out-of-band patches fix remote code execution bugs in iOS and macOS
Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library....
Researchers warn of malicious packages on PyPI using steganography
Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files....
A bug in ABB Totalflow flow computers exposed oil and gas companies to attack
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to...
APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity
Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in...
