News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize
0 Comments
We’re in the midst of a cybersecurity staffing crisis. Many major news outlets, such as The New York Times, have reported that unfilled jobs in the industry are expected to reach up to 3.5 million this year — leaving existing security teams stretched thin and burnt out. To make matters worse, attackers have increased their
0 Comments
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit
0 Comments
First came the breach, then came the blackmail; now the Vastaamo Psychotherapy Centre has closed its doors for good. Four months after revealing it suffered a data breach in which patient records were stolen, Finland’s largest psychotherapy center has declared bankruptcy. A significant part of the incident occurred after threat actors attempted to extort the
0 Comments
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. “Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an
0 Comments
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users’
0 Comments
A nation-state threat group cloned and used a U.S. government cyberweapon years before it was exposed by the Shadow Brokers in 2017. A China-based advanced persistent threat group, known as APT31 or Zirconium, utilized a Windows zero-day exploit belonging to the Equation Group — an American APT widely understood to be a part of the
0 Comments
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay
0 Comments
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger — a .NET-based malware with capabilities to hinder
0 Comments
Given the exponential growth of e-commerce and online transactions, cybersecurity has never been more critical. Hackers may attempt to invade our privacy in several ways, but one area they find particularly enticing is credit card information. Stolen credit cards can negatively impact not just your finances, but your personal identity and privacy as well. Effectively
0 Comments
Without a strong network security strategy, IT security will fall short — and vice versa. The National Security Agency (NSA) has identified three basic functions to form the foundation of a good IT security system. These functions are critical to preventing 93% of cyber incidents, according to an NSA presentation. We at NetCraftsmen have identified
0 Comments
Apple’s upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, “Fraudulent Website Warning,” alerts users about dangerous websites that have
0 Comments
Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users’ mailboxes for personal gain. “The employee was one of three system administrators with
0 Comments
Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation, among
0 Comments
In what’s a novel supply chain attack, a security researcher managed to breach over 35 major companies’ internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software