News

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. “PixPirate belongs to the newest generation of Android

Ok, I’m late to the party. Very late. Most analysts and just about all my Enterprise Strategy Group colleagues have already published their predictions for 2023. In my defense, the identity space is hot, hot, hot — which is keeping me busy, busy, busy. And that brings me to my first identity prediction. 1. Economic

Feb 04, 2023Ravie LakshmananEnterprise Security / Ransomware VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. “These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021,” the Computer Emergency Response Team (CERT) of France said in an

What is Dridex malware? Dridex is a form of malware that targets its victims’ banking information, with the main goal of stealing online account credentials to gain access to their financial assets. Malware, or malicious software, is a type of software intended to cause harm to a user. Specifically, Dridex malware is classified as a

Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and

Feb 02, 2023Ravie LakshmananDatabase Security / Cryptocurrency At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021. “This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number

Listen to this podcast This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs. The U.S. Department of Justice last week announced a major victory in the fight against ransomware with the takedown and seizure of Hive’s

Feb 01, 2023The Hacker NewsSIEM / Kubernetes Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform

Threat actors exfiltrated encrypted customer account data and an encryption key for a number of GoTo services in a breach first disclosed last November. Remote work technology provider GoTo, formerly LogMeIn, published an update Monday to a blog post dedicated to a breach that occurred last year. At the time the breach was disclosed on

Jan 31, 2023Ravie LakshmananData Security / Vulnerability Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1

Endpoint detection and response products are a step up from the antivirus products of old, using automation and machine learning to combat emerging threats. Enterprises that rely on Windows Server will want to enlist multiple layers of protection to keep critical workloads from being overtaken by bad actors. In addition to malware safeguards, many endpoint

Jan 28, 2023Ravie LakshmananEmail Security / Cyber Threat Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the

In today’s world, cybercrime is evolving daily. According to a special report by Cybersecurity Ventures, cybercrime is expected to cause a staggering $10.5 trillion in annual losses by 2025. Therefore, it’s more crucial than ever for both businesses and individuals to stay up to date on the latest developments in cybersecurity. Podcasting is an excellent

Jan 29, 2023Ravie LakshmananCyber Threat / Malware The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit,

Jan 28, 2023Ravie LakshmananServer Security / DNS The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and

Hive ransomware servers were seized in an international law enforcement operation led by the FBI, the U.S. Department of Justice announced in a press conference Thursday. Reports of the takedown first came Thursday morning when security researchers noted on Twitter that Hive’s dark web leak site had been replaced by an apparent takedown notice from

In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying

As ChatGPT grows more popular among writers and creators, another group also is likely to use the technology: scammers. Currently, OpenAI, the creator of the hugely popular conversational language model, restricts some misuse of the technology — for example, preventing it from saying or doing things that could be racist. However, Microsoft — a major

Jan 26, 2023Ravie LakshmananThreat Detection / Endpoint Security Cybersecurity researchers have unearthed a new Python-based attack campaign that leverages a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. “This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and

Jan 25, 2023Ravie LakshmananData Breach / Remote Work Tool LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted

The need for cybersecurity professionals has never been greater. Given the ever-expanding roles of technology, data and AI in the enterprise, the need to protect, detect and remediate against cyber attacks is of existential importance across every sector. At the same time, organizations of all kinds are grappling with the much-discussed cybersecurity talent shortage. A

Jan 24, 2023Ravie LakshmananEncryption / Privacy Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. “Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end

T-Mobile Thursday disclosed a data breach that affected approximately 37 million customer accounts. The mobile carrier said in a notification on its website that a “bad actor” used a single API to obtain personal data from customer accounts. According to the notification, there is no evidence that the threat actor breached or compromised T-Mobile’s network

Jan 23, 2023Ravie LakshmananMobile Security / Malvertising Researchers have shut down an “expansive” ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. “VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players

Jan 20, 2023Ravie LakshmananCyber War / Cyber Attack The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. “The Gamaredon group’s network infrastructure relies on multi-stage Telegram accounts for victim

IT security pros use a variety of tools to gather timely and actionable information about threat actors that enables them to proactively combat an ever-growing variety and frequency of cyber attacks. One key tool that can help security teams handle this task is a security analytics platform. Let’s examine these tools, why they’re important, what

Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the

Ransomware payments dropped from $766 million in 2021 to $457 million in 2022, according to new research from blockchain research firm Chainalysis. The research, published as a blog post Thursday, is dedicated to the revenue threat actors gained via ransomware payments last year. In addition to the 2022 and 2021 figures, Chainalysis said it tracked

Jan 20, 2023Ravie LakshmananFirewall / Network Security A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October

Jan 19, 2023Ravie LakshmananEmail Security / Security Breach Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. “The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained