News

Jun 06, 2023Ravie LakshmananMobile Security / Malvertising Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. “The campaign is designed to aggressively push adware to Android devices

A critical Zyxel vulnerability is being widely exploited by threat actors targeting the vendor’s network devices, researchers said. Trapa Security researchers initially discovered the OS command injection vulnerability, tracked as CVE-2023-28771. Zyxel published an advisory on April 25 disclosing the vulnerability with patches available for each of the company’s affected devices, including its firewall, VPN

Jun 05, 2023Ravie LakshmananZero Day / Cyber Attack Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. “Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,” the Microsoft Threat Intelligence team

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of

Jun 03, 2023Ravie LakshmananEndpoint Security / Linux An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit.

A critical vulnerability in Progress Software’s MoveIt Transfer is under exploitation, according to a report from Rapid7. The zero-day vulnerability, which Progress disclosed Wednesday, is a SQL injection flaw that could lead to escalated privileges and potential unauthorized access in the managed file transfer (MFT) product. Currently, there is no patch available for the flaw,

Jun 02, 2023Ravie LakshmananBotnet / Malware Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. “Horabot enables the threat actor to control the victim’s Outlook mailbox, exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses

Jun 01, 2023Ravie LakshmananProgramming / Supply Chain Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. “It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed,”

May 31, 2023Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged

Microsoft Azure has certifications to validate your knowledge and help you along your cloud career path. One of these core certifications that all IT administrators and security administrators should pass is AZ-500: Microsoft Azure Security Technologies. Once you pass this exam, you become a Microsoft Certified: Azure Security Engineer Associate. This certification targets Azure Security

May 30, 2023Ravie LakshmananZero Day / Vulnerability Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious Secure, STAR Labs, and DEVCORE

May 29, 2023Ravie LakshmananCyber Threat / Malware A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month.

Smart contracts execute processes, transactions and other tasks when specific events, conditions and logic are met, depending on how they are programmed. Smart contracts are deployed on a blockchain, such as Ethereum or other distributed ledger infrastructure, where they listen for events and updates from cryptographically secure data feeds called oracles. These contracts often control

May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using

A Chinese nation-state threat group is conducting intrusion and espionage campaigns against U.S. critical infrastructure entities, according to a new report by Microsoft. In a blog post Wednesday, Microsoft Threat Intelligence detailed the ongoing campaign that involves a group of Chinese state-sponsored hackers it tracks as “Volt Typhoon” that’s been active since 2021. Because the

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility,” Trend Micro said in a

A smart contract is a type of blockchain application that performs transactions and other processes according to a set of rules defined within the program’s code. The contract executes automatically if its terms are met; it doesn’t depend on a person, institution or other third-party intermediary. Many people associate smart contracts with cryptocurrency platforms, where

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google’s Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware,

May 25, 2023Ravie LakshmananFinancial Security / Cyber Threat A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. “The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain,”

Threat actors are leveraging malicious kernel-level drivers in two separate campaigns detailed on Monday by Fortinet and Trend Micro. Kernel-level threats are considered serious due to the complete access a compromise at that level provides a threat actor. Fortinet’s Monday research concerns WinTapix, a driver used primarily in attacks against organizations in the Middle East,

If you’re involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical applications.

May 23, 2023Ravie LakshmananCyber Threat / Malware The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. “Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks,”

May 22, 2023Ravie LakshmananCyber Espionage / Malware New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh

Dish Network said in a data breach notification this week that it had “received confirmation” that data stolen by threat actors in a February ransomware attack was deleted, suggesting the company had paid the ransom. The satellite television provider revealed on Feb. 28 via an 8-K filing that it had suffered a ransomware attack. Dish

May 21, 2023Ravie LakshmananSoftware Security / Malware The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. “The volume of malicious users and malicious projects being created on the index in

To protect customer data, customer service agents should be able to understand and employ several data privacy best practices. Every employee within an organization is responsible for ensuring customer data remains secure and for maintaining trust. Whether cybersecurity teams employ role-based access to data or CX teams place limits on the amount and types of

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.in

May 19, 2023Ravie LakshmananOnline Privacy / Tech News Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for

What is secure access service edge (SASE)? Secure access service edge, also known as SASE and pronounced sassy, is a cloud architecture model that bundles together network and cloud-native security technologies and delivers them as a single cloud service. SASE lets organizations unify their network and security tools in a single management console. This provides

May 18, 2023The Hacker NewsCybersecurity Webinar Cybersecurity is constantly evolving, but complexity can give hostile actors an advantage. To stay ahead of current and future attacks, it’s essential to simplify and reframe your defenses. Zscaler Deception is a state-of-the-art next-generation deception technology seamlessly integrated with the Zscaler Zero Trust Exchange. It creates a hostile environment