Cyber Security

This is where news and updates on Cyber Security are published on a daily basis.

Toward the end of 2022, a number of entrepreneurs — some citing Elon Musk — told me they planned to bring back in-person work culture in the following year to help promote productivity and, in some cases, loyalty. One founder even told me over drinks that they weren’t worried about losing talent — claiming that
As our latest APT Activity Report makes abundantly clear, the threat of cyberespionage and stealthy attacks remains very real The threat of cyberespionage and stealthy cyberattacks remains very real, and the data from ESET’s T3 2022 APT Activity Report released this week backs this up. In this video, Tony shares some of the key takeaways
Ok, I’m late to the party. Very late. Most analysts and just about all my Enterprise Strategy Group colleagues have already published their predictions for 2023. In my defense, the identity space is hot, hot, hot — which is keeping me busy, busy, busy. And that brings me to my first identity prediction. 1. Economic
Threat actors have been observed using malvertising attacks to distribute virtualized .NET malware loaders dubbed “MalVirt.” According to a Thursday advisory by SentinelOne, the new loaders leverage obfuscated virtualization techniques to avoid detection. “The loaders are implemented in .NET and use virtualization, based on the KoiVM virtualizing protector of .NET applications, in order to obfuscate
Feb 04, 2023Ravie LakshmananEnterprise Security / Ransomware VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. “These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021,” the Computer Emergency Response Team (CERT) of France said in an
What is Dridex malware? Dridex is a form of malware that targets its victims’ banking information, with the main goal of stealing online account credentials to gain access to their financial assets. Malware, or malicious software, is a type of software intended to cause harm to a user. Specifically, Dridex malware is classified as a
A US man could face a maximum jail term of 40 years after being charged with fraudulently obtaining $110m of cryptocurrency from crypto exchange Mango Markets and its customers. Avraham Eisenberg, 27, was living in Puerto Rico when he carried out the alleged scheme, according to the Department of Justice (DoJ). He’s now been charged
Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and
Security experts claim to have discovered the first “cryptorom” scam applications to have successfully bypassed Apple’s strict App Store vetting processes. The two apps in question, Ace Pro and MBM_BitScan, were also discovered on Google Play. However, it is their presence on the App Store, usually governed by stricter security protocols, which will alarm users.
Feb 02, 2023Ravie LakshmananDatabase Security / Cryptocurrency At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021. “This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number
Waverly Labs, the company behind wearables focused on translation, has launched an app called Forum that helps users translate and transcribe audio in real-time. The company says the solution is useful for lecturers, auditoriums and theaters. What’s more, it is also compatible with video calling apps like Zoom, Microsoft Teams and Google Meet. Forum is
Listen to this podcast This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs. The U.S. Department of Justice last week announced a major victory in the fight against ransomware with the takedown and seizure of Hive’s
A critical new vulnerability disclosed by network-attached storage (NAS) vendor QNAP this week could be exploited on almost 30,000 devices globally, according to Censys. The security firm scanned the internet to find 67,415 hosts running QNAP-based systems around the world. Although it could only find the version number on 30,250 of them, a worrying 98%
Feb 01, 2023The Hacker NewsSIEM / Kubernetes Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022 ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan,
Superstrata’s e-bike is a strange specimen — there’s no two ways about it. In some ways that makes sense; the bike’s concept, borne out in seamless 3D-printed carbon fiber, springs from an equally strange premise. We’ll get into that. Talking to Sonny Vu, founder of Superstrata’s parent company Arevo, the bikes were crafted not out