APIs Under Attack: $75 Billion Annual Cost
In a recent report titled “The State of API Security in 2024” by Imperva, it was revealed that the majority of internet traffic, approximately 70%, is attributed to API calls. In 2023, an average...
Category: Information Security
AcidPour: New Linux Wiper Threat Targets x86 Devices
Security researchers at SentinelLabs have uncovered a new variant of the wiper, AcidRain, meticulously engineered for assaults on Linux x86 devices. Dubbed AcidPour, this malicious entity manifests as a binary ELF file, tailored for...
Cyber Siege: How Iran and China Threaten America’s Water Security
The Biden administration has issued a stark warning regarding the risk of cyberattacks targeting the United States’ water supply systems, highlighting the continuous threats posed by hackers affiliated with the governments of Iran and...
Azorult Malware Evades Detection: New Campaign Exposed
Netskope Threat Labs has uncovered a new campaign leveraging Google Sites phishing pages to disseminate the info-stealer AZORult. This phishing endeavor is not yet attributed to any specific malefactor or group; it aims to...
70 Million AT&T Records Found on Hacker Forum
Over the past weekend, an immense database containing more than 70 million records, purportedly stolen from the American telecommunications behemoth AT&T in 2021, was discovered on a cybercriminal forum. According to Dark Web Informer,...
DEEP#GOSU Exposed: New Cyber Espionage Campaign
The cybersecurity firm Securonix has uncovered a new campaign in which hackers employ sophisticated techniques to infiltrate Windows computers and exfiltrate confidential data. Named DEEP#GOSU, the campaign is believed to be linked to the...
Ethereum Wallets Under Attack: CREATE2 Exploit Exposed
Specialists at Check Point Research have uncovered a method of attacking Ethereum blockchain wallets via the CREATE2 function, which enables cybercriminals to circumvent standard security measures and gain unauthorized access to users’ funds. The...
ITG05 Strikes: Global Phishing Campaign Exposed
IBM X-Force reports a series of phishing campaigns by ITG05, involving the distribution of counterfeit documents purporting to be from governmental and non-governmental organizations across Europe, the Caucasus, Central Asia, and both North and...
France Travail Breach Compromises Data of Millions
In a significant breach of data security, the largest employment agency in France, France Travail—formerly known as Pole Emploi—compromised the personal information of over 43 million citizens. This incident affected approximately two-thirds of the...
Gitgub Campaign: Info Stealer Targets GitHub Users
Security researchers have uncovered multiple repositories on GitHub distributing malicious software under the guise of cracked versions of popular software. In a malicious operation dubbed “gitgub,” specialists from the German company G DATA identified...
Apex Legends Finals Halted: Integrity Breach Rocks Tournament
The finale of the North American division of the esteemed eSports discipline Apex Legends was abruptly suspended due to a breach of “competitive integrity.” A nefarious individual managed to infiltrate the computers of professional...
Stolen Crypto Funneled Through Tornado Cash by Lazarus Group
Recent research from the blockchain analytics firm Elliptic reveals that the North Korean hacker group Lazarus has resumed using the Tornado Cash service to launder stolen funds. A total of $23 million, pilfered during...
Chinese Users Targeted: Notepad++ Search Results Poisoned
In recent research, it was revealed that Chinese users seeking official versions of software like Notepad++ and VNote through search engines such as Baidu are increasingly falling victim to cunning cybercriminals. The attacks are...
Ransomware Alert: StopCrypt Upgrade Bypasses Defenses
Security researchers have unveiled a new variant of the ransomware StopCrypt, also known as STOP. This iteration employs a complex, multistage execution process using shell codes to circumvent security tools, rendering the malware particularly...
CVE-2023-5528: Critical Kubernetes Exploit Grants Attackers SYSTEM Privileges
Security experts have recently disclosed a high-severity vulnerability in Kubernetes that, under certain conditions, could allow an attacker to remotely execute code with elevated privileges. “The vulnerability allows remote code execution with SYSTEM privileges on...
Hackers Abuse Windows Feature: RedCurl’s Stealthy Attack
Trend Micro has unveiled novel cyberattack methodologies employed by the RedCurl group, which manipulates a legitimate Windows component to execute malevolent commands. The Program Compatibility Assistant (PCA), designed to address compatibility issues with older...
