Nov 22, 2023NewsroomAuthentication Security / Windows A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found
Cameroonian health startup Waspito has secured a $2.5 million seed extension from DP World through Newtown Partners, Saviu Ventures, AAIC Investment, Axian ventures and CFAO’s Health54 to spur its growth in the Francophone region. Waspito is a health-focused social network that allows users (patients) to access and consult with verified doctors over video calls. Additionally,
Security researchers have detected a Russian-language Word document carrying a malicious macro in the ongoing Konni campaign.  Despite its September 2023 creation date, FortiGuard Labs’ internal telemetry revealed continued activity on the campaign’s command-and-control (C2) server.  This long-running campaign utilizes a remote access Trojan (RAT) capable of extracting information and executing commands on compromised devices, employing
Nov 21, 2023NewsroomRansomware-as-a-service The ransomware strain known as Play is now being offered to other threat actors “as a service,” new evidence unearthed by Adlumin has revealed. “The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step
India’s Enforcement Directorate, its anti-money laundering agency, has found that Byju’s violated the nation’s foreign exchange law to the tune of $1.08 billion, a person familiar with the matter told TechCrunch. The findings, which ED plans to make public as early as Tuesday, follows the agency searching the premises of Byju’s and its founder Byju
By Published: 20 Nov 2023 Security executives are increasingly seeking to outsource their enterprise security tasks, driven partly by the growing complexity of the work and the challenge to keep ahead of proliferating cyber threats. The rising use of managed security service providers (MSSPs) is significant. Global spending for managed security services will grow to
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a Mitigation Guide specifically tailored for the Healthcare and Public Health (HPH) sector. The new guide outlines defensive mitigation strategies and best practices to counteract prevalent cyber-threats targeting critical infrastructure in the healthcare domain. The paper, published on Friday, emphasizes the importance of vulnerability management,
Nov 20, 2023NewsroomMalware / Network Security Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. “The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns,” VMware Carbon Black researchers said
Microsoft has hired OpenAI co-founders Sam Altman and Greg Brockman to head up a “new advanced AI research team,” the software conglomerate’s chief Satya Nadella said Monday, capping an intense three days of discussions following the unexpected decision by OpenAI’s board to dismiss Altman. Many OpenAI members, including the co-founder Brockman, left the firm in protest
Welcome back to The Interchange, where we take a look at the hottest fintech news of the previous week. If you want to receive The Interchange directly in your inbox every Sunday, head here to sign up! This week, we dig into spend management companies’ AI aspirations, and one U.K. fintech’s recent growth. AI ambitions At one
Adopting machine learning and other AI technologies for risk management and security-oriented use cases offers valuable business benefits to organizations. Many AI-powered risk management tools rely on the mass computing scale achievable in the cloud, where large quantities of data can be analyzed and processed rapidly. But on-premises systems can also support the use of
Royal Mail has revealed a multimillion-pound cost attached to a serious ransomware breach it suffered earlier this year. The British postal service company was hit by a LockBit affiliate, in an incident which caused “severe service disruption” for items sent abroad. It later transpired that the ransomware actors were demanding nearly $80m from the firm
Nov 18, 2023NewsroomCyber Attack / USB Worm Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon’s (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, branded the group as engaging
Video An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause 17 Nov 2023 This week, one of Australia’s major port operators, DP World, had to pull the plug on its internet connection and
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a detailed cybersecurity advisory on the sophisticated Scattered Spider threat group, urging critical infrastructure (CNI) firms to implement its mitigation recommendations. The group (also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest and Muddled Libra) is thought to be responsible for big-name
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. “Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan,” security researcher Guilherme Venere
In a joint cybersecurity advisory on Tuesday, CISA detailed dangerous techniques leveraged by Scattered Spider, the threat group reportedly behind a series of high-profile and disruptive cyber attacks. Since emerging onto the threat landscape in 2022, Scattered Spider has been observed conducting sophisticated social engineering attacks, employing successful evasion techniques, and deploying Alphv/BlackCat ransomware to
Nov 17, 2023NewsroomMalvertising / Malware Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress
Divisions over how to set rules for applying artificial intelligence are complicating talks between European Union lawmakers trying to secure a political deal on draft legislation in the next few weeks, as we reported earlier this week. Key among the contested issues is how the law should approach upstream AI model makers. French startup Mistral
The Cloud Security Alliance (CSA) has introduced the Certificate of Competence in Zero Trust (CCZT), the industry’s inaugural authoritative zero trust certification.  CSA said the certification responds to the evolving landscape of pervasive technology and the inadequacy of legacy security models. It aims to equip security professionals with the knowledge necessary to develop and implement
Nov 16, 2023NewsroomVulnerability / Email Security A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. “Most of this activity occurred after the initial fix became public on GitHub,” Google Threat Analysis Group (TAG) said in a report