ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families In this blogpost we examine the operation of AceCryptor, originally documented by Avast. This cryptor has been around since 2016 and because – throughout its existence – it has been used to pack tens of malware families,
A smart contract is a type of blockchain application that performs transactions and other processes according to a set of rules defined within the program’s code. The contract executes automatically if its terms are met; it doesn’t depend on a person, institution or other third-party intermediary. Many people associate smart contracts with cryptocurrency platforms, where
Romanian cybersecurity firm Safetech launched its official presence in the UK on May 23, 2023, underscoring the recent growth of the UK’s cybersecurity sector. Plans to build a security operations center (SOC) at the Plexal Innovation Hub based in London were announced during the company’s launch event. Anca Stancu, co-founder and managing partner of Safetech
by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our
Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google’s Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware,
OpenAI has expanded the availability of its ChatGPT app for iOS users in India and 32 other countries — just a week after its launching it in the U.S. The list of new countries include Algeria, Argentina, Azerbaijan, Bolivia, Brazil, Canada, Chile, Costa Rica, Ecuador, Estonia, Ghana, India, Iraq, Israel, Japan, Jordan, Kazakhstan, Kuwait, Lebanon,
South Korea’s economic model has for decades leaned on export-led manufacturing operated by family-owned corporate giants. A 2015 report from McKinsey outlined how the country would need small companies to drive an innovative model in preparation for the next phase of economic growth. “The key to fostering such innovation is a vibrant startup community. …
Small and medium-sized businesses (SMBs) are increasingly being targeted by advanced persistent threat (APT) actors globally, Proofpoint has found. In a new report published on May 24, 2023, the Proofpoint research team saw that state-aligned threat actors from Russia, Iran and North Korea were specifically targeting SMBs across the world in in phishing attacks conducted
by Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts got there in the end. The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man
May 25, 2023Ravie LakshmananFinancial Security / Cyber Threat A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. “The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain,”
ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm. It’s able to write essays, code and more given short text prompts, hyper-charging productivity. But it also has a more…nefarious side. In any case, AI tools are not going away — and indeed has expanded dramatically since its launch just a few months ago.
Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business Approximately one in seven people in Europe and the United States are self-employed, often realizing their dream to be in charge of their own destiny and having more freedom and control over their careers. But
Q1 2023 marks the first quarter Jumia’s new management implemented its strategy after riding out the blueprint of previous management in Q4 2022. The result? Jumia saw its losses decrease significantly: adjusted EBITDA loss dropped 51% year-over-year to $27 million, on track to meet the company’s end-of-year target of $100-120 million in adjusted losses. Similarly,
Threat actors are leveraging malicious kernel-level drivers in two separate campaigns detailed on Monday by Fortinet and Trend Micro. Kernel-level threats are considered serious due to the complete access a compromise at that level provides a threat actor. Fortinet’s Monday research concerns WinTapix, a driver used primarily in attacks against organizations in the Middle East,
Washington has sanctioned four entities and one individual involved in obfuscated revenue generation and malicious cyber activities that support the North Korean government, the US Treasury announced on May 23, 2023. Three entities, the Pyongyang University of Automation, the Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center, have been sanctioned because
by Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers’ toolkits that have done computer science and software engineering a world
If you’re involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical applications.
It was back in the Pandemic era of 2021 that we reported on the launch of Moonfire, at the time a $60 million “Fund I” seed-stage “data-driven” VC geared around the new world of remote working and remote pitching. It’s new $115 million fund-raise (“Fund II”) plans to continue what it calls its “data-driven” approach.
ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio ESET researchers have discovered a trojanized Android app that had been available on the Google Play store with over 50,000 installs. The app, named iRecorder – Screen Recorder, was initially uploaded to the store without malicious
Peloton is revamping its workout app to offer users three different tiers, including a new free tier and an upscaled one that costs $24 per month. The company announced on Tuesday that it’s looking to rebrand as a fitness company for all, as opposed to being known as an in-home bike company. The first tier
In the digital world, what’s useful today can become harmful tomorrow. Unfortunately, this is precisely what happened with iRecorder – Screen Recorder. This screen-recording Android application with over 50,000 installs was launched in September 2021 as a legitimate app. However, the app now contains a new Android remote access Trojan (RAT) based on AhMyth. This
by Naked Security writer In November 2022, we wrote about a multi-country takedown against a Cybercrime-as-a-Service (CaaS) system known as iSpoof. Although iSpoof advertised openly for business on a non-darkweb site, reachable with a regular browser via a non-onion domain name, and even though using its services might technically have been legal in your country
Summary Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, and it supports multiple authentication methods. The premium version of Azure AD also supports Conditional Access policies (CAPs) that grant or block access based on defined criteria, such as device compliance or user location. Azure AD stores the settings for the
May 23, 2023Ravie LakshmananCyber Threat / Malware The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. “Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks,”
JioMart, Reliance Retail’s online shopping platform, has laid off over 1,000 employees and plans to cut as many as 9,900 more roles over the coming weeks, according to a report, as the Indian retail giant looks to improve its margins. The shakeup, reported by the Indian daily Economic Times, comes in the wake of JioMart’s
Jonathan Martinez Contributor Jonathan Martinez is a former YouTuber, UC Berkeley alum and growth marketing nerd who’s helped scale Uber, Postmates, Chime and various startups. More posts by this contributor Are you spending too much on paid acquisition? Your site needs more than just one user onboarding experience I’m lucky enough to have worked for
Facebook’s owner Meta has been fined €1.2bn ($1.3m) by EU regulators for violating the General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on May 22, 2023. The Irish watchdog claimed that Meta’s transfers of personal data to the US on the basis of standard contractual clauses (SCCs) since 16 July 2020
May 22, 2023Ravie LakshmananCyber Espionage / Malware New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh
China has banned some sales of Micron products after launching a probe into the American memory chip giant for cybersecurity risks in early April. The decision is widely seen as part of the tit-for-tac in the ongoing U.S.-China economic competition, which has started to upend a deeply intertwined global tech supply chain. Last year, the
Over the past several years, environmental, social and governance (ESG) initiatives took the business world by storm. The bottom line was no longer all that mattered. Customers and investors alike wanted to know how companies were tackling a host of ESG issues, from climate change to diversity, equity and inclusion. More recently, the model has
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 311
- Next Page »