Month: June 2023

The Swiss Federal Intelligence Service (FIS) released its latest situation report on Tuesday, highlighting the ongoing impact of Russia’s aggression against Ukraine on national and international security. The report emphasized that the increasing rivalry between significant powers heavily influences Switzerland’s security. It also showed how the decline in the effectiveness of international forums like the
Jun 30, 2023The Hacker NewsCyber Espionage/ Malware Charming Kitten, the nation-state actor affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. “There have been improved operational security measures placed in the malware to make it more
Seoul-based e-commerce company Levit, an operator of the shopping app Alwayz, wants to make the shopping experience more entertaining and affordable. The two-year-old startup has recently raised $46 million in a Series B round of funding led by DST Global Partners with participation from new investor BOND and existing backers KB Investment, Mirae Asset Capital,
The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published a comprehensive set of guidelines aimed at defending Continuous Integration/Continuous Delivery (CI/CD) environments. The guidelines address the rising threat of malicious cyber actors (MCAs) exploiting vulnerabilities in CI/CD pipelines, particularly through the exposure of secrets. CI/CD pipelines are essential
Jun 29, 2023Ravie Lakshmanan The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that’s been put to use by the actor since 2021. Evidence shows that the custom made, actively developed framework has been leveraged in the February 2023 attack on Technion, an Israeli research institute,
Canada’s leading integrated energy company Suncor Energy has announced earlier this week that it experienced a cybersecurity incident resulting in technical problems at its subsidiary, Petro-Canada. As a result, more than 1500 gas stations nationwide are unable to accept credit card payments and customers cannot use rewards points. Suncor Energy, ranked as the 48th-largest public company
by Naked Security writer The latest high-profile cybercrime exploits attributed to the Clop ransomware crew aren’t your traditional sort of ransomware attacks (if “traditional” is the right word for an extortion mechanism that goes back only to 1989). Conventional ransomware attacks are where your files get scrambled, your business gets totally derailed, and a message
Jun 28, 2023Ravie LakshmananFirmware Security / Tech Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is “feasible to compromise the
Jun 27, 2023Ravie LakshmananMalware / Cyber Threat A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. “The injection is executed without space allocation, setting permissions or even starting a thread,” Security Joes researchers Thiago Peixoto, Felipe Duarte, and Ido Naor
Today’s the day that Showtime officially integrates with Paramount+ in the U.S., giving subscribers access to all Showtime titles, including “Billions,” “Dexter,” “Yellowjackets,” “George & Tammy” and more. The new ad-free plan, Paramount+ with Showtime, costs $11.99 per month and is replacing Paramount+’s premium ad-free plan, which was $9.99. Existing premium subscribers — with or
Arkam Ventures is courting its second fund, aiming for $180 million, nearly doubling the size of its maiden fund, as the Indian venture capital firm gears up to double down on the expanding ‘middle India’ opportunity. The firm’s partners said in an interview that they are hopeful to retain support from high-profile international institutional investors
APIs are a lucrative attack vector for cybercriminals and malicious hackers. In fact, API security vendor Salt Security found 4,845 unique API attackers operated in December 2022 — a 400% increase from six months prior. To reduce the risk of an API-based security breach, the deployment, configuration and security of an API gateway must be
Jun 26, 2023Ravie LakshmananCryptocurrency / Endpoint Security An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the attack led to the installation of Swiftbelt, a
New versions of Chinese espionage malware have been observed spreading rapidly through infected USB drives. The malicious software tools were discovered by Check Point Research (CPR) as part of an attack against a healthcare institution in Europe and described in an advisory published on Thursday. The Check Point Incident Response Team (CPIRT) investigated the malware