Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns
A recently discovered sophisticated mobile phishing technique has been observed in financial fraud campaigns across the Czech Republic, Hungary and...
News
New DNS-Based Backdoor Threat Discovered at Taiwanese University
A newly identified security threat utilizing a rarely seen DNS-based communication method has been discovered by threat analysts in an...
Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle
Ukraine’s Computer Emergency Response Team (CERT-UA) has uncovered cyber-attacks which use malicious emails with photos of alleged prisoners of war...
Iranian Group TA453 Launches Phishing Attacks with BlackSmith
The Iranian-linked threat actor TA453 (also known as Charming Kitten) has been observed launching a sophisticated phishing attack using a...
Czech Mobile Users Targeted in New Banking Credential Theft Scheme
Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application...
Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon...
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024...
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker...
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in...
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited...
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible...
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals...
SUSE Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial...
RedHat Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
US-CERT Vulnerability Summary for the Week of August 12, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT...
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks...
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor...
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a...
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of...
Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used...
OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda
OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence...
Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain...
Florida-Based National Public Data Confirms Data Breach
National Public Data, a US background check company, suffered a data breach in April 2024 that could have exposed sensitive...
