Uncategorized

North Korean Hacker Group Andariel Strikes with New EarlyRat Malware

North Korean Hacker Group Andariel Strikes with New EarlyRat Malware 29/06/2023 at 14:32 By The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. “Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control

North Korean Hacker Group Andariel Strikes with New EarlyRat Malware Read More »

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data 29/06/2023 at 14:32 By Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. “As a result of the attack, the criminals gained access to email addresses, telephone

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users’ Personal Data Read More »

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts 29/06/2023 at 11:18 By A critical security flaw has been disclosed in miniOrange’s Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8),

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts Read More »

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data 29/06/2023 at 08:32 By A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data Read More »

Security leaders discuss NSA guide to mitigate BlackLotus threat

Security leaders discuss NSA guide to mitigate BlackLotus threat 28/06/2023 at 19:03 By The National Security Agency (NSA) is warning of a known vulnerability in the Microsoft Windows secure startup process that malicious actors could use to bypass Secure Boot protection and execute BlackLotus malware. This article is an excerpt from Subscribe to Security Magazine’s

Security leaders discuss NSA guide to mitigate BlackLotus threat Read More »

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control 28/06/2023 at 18:21 By Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control Read More »

CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million

CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million 28/06/2023 at 17:32 By Cybersecurity researchers have exposed the workings of a scam ring called CryptosLabs that’s estimated to have made €480 million in illegal profits by targeting users in French-speaking individuals in France, Belgium, and Luxembourg since April 2018. The syndicate’s massive fake investment

CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million Read More »

Research reveals rise in sophisticated attacks against mobile devices

Research reveals rise in sophisticated attacks against mobile devices 28/06/2023 at 16:47 By Research finds 187% increase in the number of compromised devices that were fully exploited, highlighting growing risks posed to mobile-powered businesses This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Research reveals rise in sophisticated attacks against mobile devices Read More »

5 Things CISOs Need to Know About Securing OT Environments

5 Things CISOs Need to Know About Securing OT Environments 28/06/2023 at 14:05 By For too long the cybersecurity world focused exclusively on information technology (IT), leaving operational technology (OT) to fend for itself. Traditionally, few industrial enterprises had dedicated cybersecurity leaders. Any security decisions that arose fell to the plant and factory managers, who

5 Things CISOs Need to Know About Securing OT Environments Read More »

8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses

8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses 28/06/2023 at 14:05 By A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to a “massive spike in activity” in May and June 2023. “The group utilizes encryption paired with ‘name-and-shame’ techniques to compel their

8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses Read More »

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution 28/06/2023 at 11:17 By Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution Read More »

Part 2: Preparing the Board of Directors for the SEC’s Upcoming Cybersecurity Compliance Regulations

Part 2: Preparing the Board of Directors for the SEC’s Upcoming Cybersecurity Compliance Regulations 27/06/2023 at 19:17 By In March 2022, the U.S. Securities and Exchange Commission (SEC) issued a proposed rule, the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, that, if adopted, would require companies to disclose their cybersecurity governance capabilities and the

Part 2: Preparing the Board of Directors for the SEC’s Upcoming Cybersecurity Compliance Regulations Read More »

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

New Mockingjay Process Injection Technique Could Let Malware Evade Detection 27/06/2023 at 18:02 By A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. “The injection is executed without space allocation, setting permissions or even starting a thread,” Security Joes researchers

New Mockingjay Process Injection Technique Could Let Malware Evade Detection Read More »

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain 27/06/2023 at 17:37 By Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. “The packages in question seem to be published in pairs, each pair working in unison

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain Read More »

Scroll to Top