In the documentation of the current legal battle between WhatsApp and the NSO Group, a firm specializing in espionage software, a hint at a previously unknown method of infection has been revealed. The contract...
The United States Department of State has announced a reward of up to $10 million for any information that leads to the identification and apprehension of the leaders of the cybercriminal group ALPHV/Blackcat, which...
Cybercriminals have targeted users’ data through widespread phishing SMS campaigns, employing a specialized script named SNS Sender that exploits Amazon’s Simple Notification Service (SNS). These SMS messages contain malicious links aimed at stealing personal...
Cybercriminals have commenced targeting iPhone owners with malicious software designed to steal 3D facial scans, facilitating unauthorized access to bank accounts. This was disclosed by Group-IB, a cybersecurity firm, which uncovered that a Chinese...
The United States Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Multi-State Information Sharing and Analysis Center (MS-ISAC), established that unidentified malefactors accessed one of the U.S. government’s internal networks via an...
At the close of 2023, specialists at Cisco Talos identified a campaign orchestrated by the group Turla APT, targeting Polish non-governmental organizations. This assault utilized a novel backdoor, TinyTurla-NG. A distinctive feature of TinyTurla-NG...
A recent investigation into the firmware of Pulse Secure devices by Ivanti has illuminated profound security vulnerabilities within software supply chains. Specialists at Eclypsium uncovered numerous vulnerabilities, showcasing the complexity of safeguarding such software...
In a strikingly orchestrated endeavor during January, the United States authorities successfully dismantled a botnet implicated in conducting espionage and cyberattacks against American and international targets. This operation, spearheaded by law enforcement, entailed purging...
Picus Security’s Red Report reveals a significant increase in the number of incidents targeting corporate security in the past year. The report attributes this rise to the growing sophistication of attackers, who are now...
In a recent security update, Microsoft disclosed a critical vulnerability in the Exchange Server that had been actively exploited in the wild before its remediation on February Patch Tuesday. The vulnerability, tracked as CVE-2024-21410...
After a four-month hiatus, the Bumblebee malware has reemerged, launching extensive phishing campaigns against thousands of organizations within the United States. Bumblebee, a loader discovered in April 2022, is believed to have been developed by...
The German battery manufacturer VARTA AG has encountered a cyberattack that compelled the temporary cessation of production at five of the company’s facilities. Due to the assault on a segment of the company’s IT...
Microsoft has issued a warning to users about a critical vulnerability in its Office suite that permits unauthorized malefactors to execute malicious code. The vulnerability, uncovered by Check Point, has been designated CVE-2024-21413. It...
The Canadian oil transportation network, Trans-Northern Pipelines, has issued a security threat that has caused a stir and concern across the industry: the ransomware group ALPHV, also known as BlackCat, announced the breach of...
As part of its routine security update on Patch Tuesday, Microsoft rectified a vulnerability in SmartScreen that was actively exploited by hackers to disseminate the remote access trojan DarkMe. Let us delve deeper into...
Researchers at Aqua Security have uncovered a critical flaw that enables malefactors to compromise systems running Linux. This vulnerability pertains to the exploitation of the “command-not-found” utility integrated within the Ubuntu distribution, which assists...
