Cybercriminals have commenced targeting iPhone owners with malicious software designed to steal 3D facial scans, facilitating unauthorized access to bank accounts. This was disclosed by Group-IB, a cybersecurity firm, which uncovered that a Chinese...
The United States Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Multi-State Information Sharing and Analysis Center (MS-ISAC), established that unidentified malefactors accessed one of the U.S. government’s internal networks via an...
At the close of 2023, specialists at Cisco Talos identified a campaign orchestrated by the group Turla APT, targeting Polish non-governmental organizations. This assault utilized a novel backdoor, TinyTurla-NG. A distinctive feature of TinyTurla-NG...
A recent investigation into the firmware of Pulse Secure devices by Ivanti has illuminated profound security vulnerabilities within software supply chains. Specialists at Eclypsium uncovered numerous vulnerabilities, showcasing the complexity of safeguarding such software...
In a strikingly orchestrated endeavor during January, the United States authorities successfully dismantled a botnet implicated in conducting espionage and cyberattacks against American and international targets. This operation, spearheaded by law enforcement, entailed purging...
Picus Security’s Red Report reveals a significant increase in the number of incidents targeting corporate security in the past year. The report attributes this rise to the growing sophistication of attackers, who are now...
In a recent security update, Microsoft disclosed a critical vulnerability in the Exchange Server that had been actively exploited in the wild before its remediation on February Patch Tuesday. The vulnerability, tracked as CVE-2024-21410...
After a four-month hiatus, the Bumblebee malware has reemerged, launching extensive phishing campaigns against thousands of organizations within the United States. Bumblebee, a loader discovered in April 2022, is believed to have been developed by...
The German battery manufacturer VARTA AG has encountered a cyberattack that compelled the temporary cessation of production at five of the company’s facilities. Due to the assault on a segment of the company’s IT...
Microsoft has issued a warning to users about a critical vulnerability in its Office suite that permits unauthorized malefactors to execute malicious code. The vulnerability, uncovered by Check Point, has been designated CVE-2024-21413. It...
The Canadian oil transportation network, Trans-Northern Pipelines, has issued a security threat that has caused a stir and concern across the industry: the ransomware group ALPHV, also known as BlackCat, announced the breach of...
As part of its routine security update on Patch Tuesday, Microsoft rectified a vulnerability in SmartScreen that was actively exploited by hackers to disseminate the remote access trojan DarkMe. Let us delve deeper into...
Researchers at Aqua Security have uncovered a critical flaw that enables malefactors to compromise systems running Linux. This vulnerability pertains to the exploitation of the “command-not-found” utility integrated within the Ubuntu distribution, which assists...
The Cisco Talos research team uncovered a vast espionage campaign targeted at a non-profit charitable organization in Saudi Arabia. Commencing in March 2021, the campaign employed a previously unknown custom backdoor named Zardoor, which...
In the latest Patch Tuesday update released by Microsoft in February 2024, a total of 73 vulnerabilities in the company’s software were addressed, including two zero-day vulnerabilities that were actively being exploited by malefactors,...
A 17-year-old researcher discovered that through the Juniper customer support portal, information about devices and support contracts for numerous clients could be accessed. The data leak has been ongoing since September 2023. Esteemed cybersecurity...
