Month: July 2023

The Android spyware known as SpyNote has been targeting financial institutions since late 2022 while expanding its capabilities to carry out bank fraud. Security researchers at Cleafy have recently shared new findings about SpyNote, saying the malware exploits Accessibility services and various Android permissions to conduct multiple malicious activities. SpyNote distribution occurs through email phishing
Observability and security platform Dynatrace today announced that it plans to acquire Rookout, a Tel Aviv-based observability startup that focuses on helping developers troubleshoot and debug their code in production. Publicly traded Dynatrace already offers a comprehensive suite of observability tools, but the addition of Rookout will allow it to expand these services with code-level
Jul 31, 2023THNCyber Threat / Botnet The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. “The malware compromises exposed instances of the Redis data store by exploiting the replication feature,” Cado Security researchers Nate Bill and Matt Muir said
The battle between two of China’s largest e-commerce firms is heating up, as they take the cutthroat tactics that have long been around in the country to the international markets they both covet. Chinese e-commerce deals giant Pinduoduo’s affiliate, Temu, which is aggressively expanding overseas, recently filed a court document in the U.S. accusing fast
New research has highlighted the severe risks posed by forged certificate attacks, which can lead to unauthorized access to important company resources. These attacks, known as the Shadow Credentials technique, involve attackers exploiting certain parts of a system called Active Directory (AD) that manages user access to various services. Kaspersky cybersecurity expert Alexander Rodchenko conducted
Lately I’ve been thinking about media publishing startups (think Semafor and Puck) and their fundraising rounds. Semafor recently raised a $44 million seed round, and Puck raised a $7 million Series A in 2021. The Messenger, among the newest in the industry, recently raised $50 million. Publishing media jobs are uncertain, pushing those with an
Jul 29, 2023The Hacker NewsBrowser Security / Data Security Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop “The Definitive Browser Security RFP Template.” This resource helps streamline
Jul 29, 2023THNAndroid / Malware A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as
Welcome to Startups Weekly. Not to get all GrumpyManYellsAtCloud.gif, but I’m getting pretty tired of the myth of the dropped-out-of-college founders. Investors — and the broader ecosystem — have known for a long time that while there are some high-profile outliers, it’s much easier
CardioComm Solutions, a Canadian medical provider of consumer heart monitoring and medical ECG software solutions, has disclosed a cybersecurity incident on Tuesday that occurred on the company’s servers. To address the situation, CardioComm said it is collaborating closely with KPMG-EGYDE, relevant authorities and third-party cybersecurity experts. The company assures its customers that there is no evidence
by Paul Ducklin | ONE WEEK, TWO BWAINS | Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
Jul 27, 2023 | THN | Linux / Endpoint Security | Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. “The impacted
Bloom Money, a U.K.-based fintech, has raised £1 million to digitize an informal financial management system employed by ethnic communities across the world. Often referred to as “rotating savings and credit association” (ROSCA), the microcredit system varies in the details around the world, but usually, it involves an informal gathering of people from a certain
It may be high priority, but organizations still approach security hygiene and posture management haphazardly in silos, which opens doors for cyber adversaries. Security hygiene and posture management is the bedrock of cybersecurity. But before thinking about acceptable use policies, security awareness training or an assortment of security technologies, organizations must have a full understanding
The threat of vendor email compromise (VEC) attacks has escalated, with recent data showing a sharp increase in such cyber-threats. According to a new report published by cybersecurity firm Abnormal Security earlier today, VEC attacks – a variant of business email compromise (BEC) – pose a significant risk to organizations worldwide. These attacks impersonate trusted
Infoblox has unveiled crucial updates on the “Decoy Dog” remote access trojan (RAT) toolkit in a new threat report published today. Initially discovered and disclosed in April 2023, Decoy Dog has proven to be more sophisticated than previously thought, using DNS for command-and-control (C2) and is suspected to be employed in ongoing nation-state cyber-attacks. Following Infoblox’s