September 27, 2022

The Australian Federal Police (AFP) on Monday disclosed it’s working to gather “crucial evidence” and that it’s collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. “Operation Hurricane has been launched to identify the criminals behind […]

September 26, 2022

Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT ‘network’ – all […]

September 26, 2022

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. “Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration […]

September 26, 2022

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for June was 381,717 attacks or […]

September 26, 2022

Executive Summary NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to crack, keygen and […]

September 26, 2022

Ukrainian law enforcement authorities on Friday disclosed that it had “neutralized” a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging […]

September 23, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of […]

September 23, 2022

A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against […]

September 23, 2022

The firm’s researchers have identified seven new security holes in InsydeH2O UEFI firmware provided by Insyde Software. The impacted code is used by dozens of other companies, including major vendors such as HP, Dell, Intel, Microsoft, Fujitsu, Framework, and Siemens. […]

September 23, 2022

Most mass malicious mailing campaigns are very primitive and hardly diverse, with the content limited to several sentences offering the user to download archives that supposedly contain some urgent bills or unpaid fines. The email messages may contain no signatures […]

September 23, 2022

An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers […]

September 22, 2022

Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. “Each virtual disk in Oracle’s cloud has a unique identifier called OCID,” Shir Tamari, […]

September 22, 2022

StackHawk, the company making application security testing part of software delivery, today announced its Deeper API Security Test Coverage release. This expands StackHawk’s solution to help developers scan the entire API layer to uncover potential vulnerabilities. Today’s application architectures require […]

September 22, 2022

Noname Security announced the findings from its API security report, “The API Security Disconnect – API Security Trends in 2022”, which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced […]

September 22, 2022

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. The vulnerability exists in the Python tarfile module which is a default module in any […]

September 22, 2022

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. “If left unremedied and successfully exploited, this vulnerability could be used for […]

September 21, 2022

Organizations’ use of the cloud is increasing, but this is contributing to a rise in the volume of cloud security incidents. In the 2022 Cloud Security Report, 98% of organizations told Check Point they use the cloud to host business […]

September 21, 2022

The company made the headlines after that threat actors have stolen around $160 million worth of digital assets. The company confirmed the disruption of its services in the coming days, but it pointed out that it is “solvent with twice […]

September 21, 2022

The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national […]

September 21, 2022

The vulnerabilities affecting the iBoot-PDU product were identified by researchers at industrial cybersecurity firm Claroty, who found a total of seven issues, including ones allowing a remote, unauthenticated attacker to execute arbitrary code. iBoot PDU vulnerabilitiesThe impacted PDU provides a […]