Monthly Archives: May 2024

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law...

21
May
Policy-Relevant Internet Measurement
May 21, 2024

Doug Montgomery (CTL/ Internet Technologies Research Group) participated t in the NSF Workshop on Policy-Relevant...

Five Core Tenets Of Highly Effective DevSecOps Practices

One of the enduring challenges of building modern applications is to make them more secure...

21
May
Achieve security compliance with Wazuh File Integrity Monitoring

File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes...

21
May
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by...

21
May
Streamlining IT Security Compliance Using the Wazuh FIM Capability

File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes...

21
May
Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

 Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11...

21
May
NextGen Healthcare Mirth Connect Under Attack – CISA Issues Urgent Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth...

21
May
“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility...

21
May
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been...

20
May
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a...

20
May
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

All developers want to create secure and dependable software. They should feel proud to release...

20
May
Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

A “multi-faceted campaign” has been observed abusing legitimate services like GitHub and FileZilla to deliver...

20
May
Business email compromise: new guidance to protect your organisation
May 20, 2024

How to disrupt targeted phishing attacks aimed at senior executives or budget holders....

Latrodectus Malware Loader Emerges as IcedID’s Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that...

20
May
Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating...

19
May
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March...

19
May
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to...

17
May
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

A new report from XM Cyber has found – among other insights – a dramatic gap between...

17
May
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear...

17
May
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea’s Reconnaissance General...

17
May
CISA Warns of Actively Exploited D-Link Router Vulnerabilities – Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers...

17
May
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE...

16
May
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs...

16
May
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound...

16
May
Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing...

16
May
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Google has rolled out fixes to address a set of nine security issues in its Chrome browser,...

16
May
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for...

15
May
Google Launches AI-Powered Theft and Data Protection Features for Android Devices

Google has announced a slew of privacy and security features in Android, including a suite...

15
May
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

Google is unveiling a set of new features in Android 15 to prevent malicious apps...

15
May