Oct 13, 2023NewsroomAPT / Malware The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against … [Read more...] about Researchers Unveil ToddyCat’s New Set of Tools for Data Exfiltration
software vulnerability
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
Oct 12, 2023Newsroom The threat actors behind ShellBot are leveraging IP addresses transformed into its hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab … [Read more...] about ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
Oct 11, 2023NewsroomWebsite Security / Hacking More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, … [Read more...] about Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
Google Adopts Passkeys as Default Sign-in Method for All Users
Oct 10, 2023NewsroomPassword Security / Technology Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, … [Read more...] about Google Adopts Passkeys as Default Sign-in Method for All Users
Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms
Oct 09, 2023NewsroomCredential Harvesting / Hacking Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling … [Read more...] about Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms
North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency
Oct 06, 2023NewsroomCyber Crime / Cryptocurrency As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions … [Read more...] about North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike
Oct 06, 2023NewsroomCyber Attack / Malware Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the … [Read more...] about Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike
New OS Tool Tells You Who Has Access to What Data
Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization's assets, maintain customer trust, and meet regulatory … [Read more...] about New OS Tool Tells You Who Has Access to What Data
Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Oct 05, 2023NewsroomNetwork Security / Software Patch Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the … [Read more...] about Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Wing Disrupts the Market by Introducing Affordable SaaS Security
Oct 04, 2023The Hacker NewsSaaS Security / Enterprise Security Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year. If the … [Read more...] about Wing Disrupts the Market by Introducing Affordable SaaS Security