Top

Cyber warfare, Cyber-crime

Chinese threat actor DragonSpark targets East Asian businesses

January 25, 2023

Via: CSO Online

Organizations in Taiwan, HongKong, Singapore and China have been recently facing attacks from a Chinese threat actor DragonSpark. The threat actor was observed using open source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, […]


Threats & Malware, Virus & Malware

Perimeter 81 boosts malware protection

January 25, 2023

Via: TechRadar

Perimeter 81 says it has gotten even better at protecting its customers from internet-borne risks, as it adds malware protection to its growing list of services. The new offering works as a combination of continually updated signature-based detection, and advanced […]


Cyber-crime, Identity theft

GoTo admits: Customer cloud backups stolen together with decryption key

January 25, 2023

Via: Naked Security

GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for […]


Threats & Malware, Vulnerabilities

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

January 25, 2023

Via: The Hacker News

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 […]


Threats & Malware, Vulnerabilities

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

January 24, 2023

Via: The Hacker News

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code […]


Threats & Malware, Virus & Malware

Emotet Malware Makes a Comeback with New Evasion Techniques

January 24, 2023

Via: The Hacker News

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 […]


Cloud security, Security

Skyhawk launches platform to provide threat detection and response across multi-cloud environments

January 24, 2023

Via: CSO Online

Cloud threat detection vendor Skyhawk Security has released a platform designed to address alert fatigue that provides cloud detection and response (CDR) across multi-cloud environments, the company said Tuesday in a statement. The company says the Synthesis platform is being […]


Access control, Security

How passkeys are changing authentication

January 24, 2023

Via: CSO Online

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings […]


Threats & Malware, Vulnerabilities

CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog

January 24, 2023

Via: Security Affairs

The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine […]


Cyber warfare, Cyber-crime

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

January 24, 2023

Via: The Hacker News

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack […]


Mobile, Mobile security

Security experts take down spam network hitting millions of iOS devices

January 23, 2023

Via: TechRadar

Researchers have uncovered a huge network of fake apps running fake ads, mainly on iOS devices. The operation was named ‘Vastflux’ in reference to its use of the Video Ad Serving Template specification, as well as the fast-flux technique to […]


Data loss, Threats & Malware

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

January 23, 2023

Via: Security Week

Marketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration. According to Mailchimp, the hacker […]


Mobile, Mobile security, Threats & Malware, Vulnerabilities

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

January 23, 2023

Via: The Hacker News

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked […]


Threats & Malware, Virus & Malware

Microsoft OneNote attachments are being used to spread malware

January 23, 2023

Via: TechRadar

Hackers have discovered a new way to bypass the macro block in Microsoft Office files and still deliver malware to unsuspecting victims through the company’s suit of online collaboration apps. Security experts at BleepingComputer found freshly distributed phishing emails equipped […]


Threats & Malware, Virus & Malware

Malware Blurs Line Between Banking Trojan and Surveillance

January 23, 2023

Via: DataBreach Today

An improved Android banking Trojan dubbed Hook by security researchers is capable of taking remote control of mobile device, contributing to the growing overlap between surveillance malware and financial fraud. The Trojan, which analysis by Danish cybersecurity firm ThreatFabric characterizes […]


Application security, Security

Wallarm API Leak Management detects leaked API keys and secrets

January 23, 2023

Via: Help Net Security

Wallarm has launched the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak. […]


Threats & Malware, Vulnerabilities

Trained developers get rid of more vulnerabilities than code scanning tools

January 23, 2023

Via: Help Net Security

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security […]


Privacy protection, Security

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

January 20, 2023

Via: The Hacker News

The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta’s WhatsApp for violating data protection laws when processing users’ personal information. At the heart of the ruling is an update to the messaging platform’s […]


Threats & Malware, Vulnerabilities

Drupal Patches Vulnerabilities Leading to Information Disclosure

January 20, 2023

Via: Security Week

The Drupal core issue exists because the Media Library module does not perform proper checks on entity access in some cases, which could allow users who can edit content to view metadata about media items that they should not have […]


Threats & Malware, Virus & Malware

Ransomware Shuts Hundreds of Yum Brands Restaurants in UK

January 20, 2023

Via: Security Week

A government filing posted Thursday says the attack impacted information technology systems. Yum Brands said the attackers took company data, but that there is no evidence customer data was stolen. Around 300 U.K. stores were closed for one day but […]