COVID Does Not Spread to Computers
“…well, of course!” is what you might think. It’s a biological threat, so how could it affect digital assets? But hang on. Among other effects, this pandemic has brought about a massive shift in...
Tagged: information security
FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors
A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of...
Nobelium Hackers Used COVID-19 Lures to Compromise European Diplomatics Missions
The Russian threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. click here to read...
Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated...
New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as...
U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans
A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged...
Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors
As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo,...
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as...
Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing
Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim’s network to further propagate spam emails and widen the infection pool. The tech giant...
Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads
Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users’ browsing habits into approximately 350 topics. Thee new framework,...
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked...
Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even...
Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure
The disclosure comes days after Microsoft warned of a malware operation aimed at government, non-profit, and information technology entities in Ukraine, linked to a threat cluster dubbed “DEV-0586.” click here to read full Article...
Cyber Threat Protection — It All Starts with Visibility
Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the...
Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
Cybersecurity researchers have disclosed details of a now-patched bug in Box’s multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. “Using this technique, an attacker could use stolen credentials...
Don't Use Public Wi-Fi Without DNS Filtering
Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today’s society. I like the fact that I do not have to worry about accessing...
