News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed “XcodeSpy,” the trojanized Xcode project is a tainted version of a legitimate, open-source project
Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in-the-wild exploitation comes on the heels of proof-of-concept exploit code that
Identity and access management (IAM) allows the “right users” to access the “right technology” (applications, databases, networks, etc.) at the “right time.” But what’s the best way for interviewees to prove to hiring managers that they are the “right fit” for these openings? A broad spectrum of jobs is available in IAM at organizations of
U.S. 5G bandwidth availability has expanded and accelerated considerably in recent months, offering early adopters technological, financial and other competitive advantages. The lower latency and increased bandwidth of 5G are expected to drive an exponential increase in the volume and diversity of data, IoT devices and general innovation, which may simultaneously create an expanded attack
With IoT’s large attack surface and inherent lack of security, hackers have more opportunities to enter an organization’s networks. The IoT industry does not have one clear set of security standards for developers and manufacturers to build in consistent security, but there are many security best practices. IT admins might find it difficult to keep
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy Mirai variants on compromised systems. “Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers,” Palo Alto Networks’ Unit 42 Threat Intelligence Team
When it comes to developing a comprehensive cybersecurity strategy, no single architecture type or product can protect against all threats. Instead, an assortment of security tools must be deployed — many of which will have overlapping capabilities. This is known as a defense-in-depth strategy. Case in point: endpoint security vs. network security. Each set of
First, there was WannaCry. Now, there is DearCry. A new family of ransomware known as Ransom:Win32/DoejoCrypt.A, or “DearCry,” has infected an unknown number of organizations through multiple zero-day vulnerabilities in on-premises versions of Microsoft Exchange Server, which were initially exploited by various threat actors, including a Chinese nation-state group. The earliest DearCry report came Tuesday
Cybersecurity researchers have unwrapped an “interesting email campaign” undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed “NimzaLoader” by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape. “Malware developers may choose to use a rare
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for
Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that’s believed to be the work of Chinese nation-state actors. Dubbed “RedXOR” by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group
While the attacks on Microsoft Exchange Servers continue to unfold and questions remain about the number of affected organizations, the scope and severity of the threat have increased significantly. Microsoft last week disclosed multiple zero-day vulnerabilities being exploited by a Chinese nation-state threat group to attack on-premises versions of Microsoft Exchange email servers. The tech
Cyber espionage (cyberespionage) is a form of cyber attack that is carried out against a competitive company or government entity. The goal of cyber espionage, which may also be referred to as cyber spying, is to provide the attacker with information that gives them advantages over competing companies or governments. As of this writing, cyber
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple’s crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open
Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. “Instead, our web products will be powered by privacy-preserving APIs which prevent
A nation-state threat actor has been exploiting Microsoft vulnerabilities for at least two months. Microsoft patched four zero-day vulnerabilities Tuesday that were found in its on-premises versions of Microsoft Exchange Server. According to Microsoft’s blog post disclosing the zero-days, the vulnerabilities are being exploited in “limited and targeted attacks” attributed to a Chinese state-sponsored threat
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize