admin

0 Comments
Fidelity National Financial (FNF) has revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack it suffered in 2023. The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated
0 Comments
Jan 11, 2024NewsroomCybersecurity / Software Security The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network
0 Comments
Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. In its 2023 Adversary Infrastructure Report, published on January 9, 2024, Recorded Future analyzed the effect of three malware takedown operations that took place in 2023 or before: The Emotet
0 Comments
A critical vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations.  The plugin is widely recognized for its diverse AI-related functionalities, allowing users to create chatbots, manage content and utilize various AI tools such as translation, SEO and more.  According to an advisory
0 Comments
Security researchers have recently unveiled strategic insights into countering .NET malware through the innovative use of the Harmony library.  The research, published earlier today, explores the significance of code manipulation in malware analysis, emphasizing its pivotal role for researchers, analysts and reverse engineers. Traditionally, code functionality is altered through debugging, Dynamic Binary Instrumentation (DBI) or
0 Comments
Jan 08, 2024NewsroomMalware / Cybercrime Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications. “The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said
0 Comments
Steeped in AI and the security risks of its use, the 2023 SANS Holiday Hack Challenge was an enrichening experience of navigating a series of 21 objectives that tested and broadened multiple cybersecurity skills. The best challenges for me were hunting down AI hallucinations in a pentest report, escalating privileges on a Linux system, searching
0 Comments
In a landmark move, the US National Institute of Standards and Technology (NIST) has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on January 4, 2024, in which it established a standardized approach to characterizing and defending against cyber-attacks on
0 Comments
Jan 06, 2024NewsroomMalware / Cyber Attack The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware “crashes the operating system in a way that it cannot be rebooted.” The intrusions have been attributed to an Iranian
0 Comments
Cyber-attacks targeting Web3 cost organizations $1.84bn in 2023 across 751 incidents, according to Certik’s Hack3d: The Web3 Security Report 2023. The average cost per incident was $2.45m in 2023. However, there was a wide disparity between the losses suffered, with the 10 most costly attacks alone accounting for $1.11bn. The highest costs occurred in Q3,
0 Comments
Jan 06, 2024NewsroomCyber Espionage / Supply Chain Attack Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. “The infrastructure of the targets was susceptible to supply chain
0 Comments
The US Justice Department (DoJ) announced that 19 individuals involved in managing and using the late xDedic cybercrime marketplace have been charged with lengthy prison sentences. The list includes two xDedic administrators, Pavlo Kharmanskyi, a Ukrainian man who was arrested while trying to enter the US, and Alexandru Habasescu, of Moldovan nationality, who was arrested
0 Comments
Jan 05, 2024NewsroomEndpoint Security / Malware Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based
0 Comments
Two years after suffering a series of major beaches, LastPass has started implementing stricter password measures for its customers. These include the requirement for all customers to use a master password with at least 12 characters. This measure has been LastPass’ default option since 2018. In April 2023 it was made mandatory for new customers
0 Comments
Over 100 European banks will be tested on their cyber-attack response and recovery capabilities this year, the European Central Bank (ECB) has announced. The EU’s central bank will conduct its first ever cyber resilience stress test on 109 directly supervised banks in 2024. This test will focus on the banks’ ability to respond to a
0 Comments
Jan 03, 2024NewsroomMalware / Data Theft Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access
0 Comments
Over $80m worth of cryptocurrency has been stolen following a cyber-attack on cross-chain bridge project Orbit Chain. The blockchain revealed the incident on its X account on January 1, 2024, informing users that an “unidentified access” to Orbit Bridge was confirmed on December 31, 2023. 🚨Urgent🚨 Dear Orbit Bridge Users, An unidentified access to Orbit
0 Comments
Jan 02, 2024The Hacker NewsBrowser Security / Threat Protection Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it
0 Comments
Jan 01, 2024NewsroomWindows Security / Vulnerability Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach “leverages executables commonly found
0 Comments
Dec 29, 2023NewsroomEmail Security / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25,
0 Comments
The German authorities have announced the takedown of a notorious dark web marketplace known for selling drugs, malware and other illegal items. The federal police service (BKA) and the Frankfurt prosecutor’s office for cybercrime (ZIT) announced the news on Wednesday, but revealed the coordinated action took place on December 16. The English-language Kingdom Market, which was
0 Comments
Dec 30, 2023NewsroomCryptocurrency / Phishing Scam Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. “These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto
0 Comments
Digital Security As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred in 2023 Phil Muncaster 28 Dec 2023  •  , 5 min. read It’s been another monumental year in cybersecurity. Threat actors thrived against a backdrop of continued macroeconomic and geopolitical uncertainty, using all