The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced today that major retail banks will phase out the use of One-Time Passwords (OTPs) for bank account logins within the next three months. This change…
Category: EN
A week in security (July 8 – July 14)
A list of topics we covered in the week of July 8 to July 14 of 2024 This article has been indexed from Malwarebytes Read the original article: A week in security (July 8 – July 14)
Several DOD IT Programs Still Don’t Have a Cyber Strategy, Watchdog Finds
The U.S. Government Accountability Office’s annual assessment of the Defense Department’s IT spending revealed that several programs lack approved cybersecurity strategies, leaving them vulnerable to potential cyberattacks. This article has been indexed from Cyware News – Latest Cyber News Read…
Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority…
Google Lines Up $23bn Swoop For Startup Wiz Security
Google is in talks to acquire security startup Wiz Security This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Lines Up $23bn Swoop For Startup Wiz Security
Malicious NuGet Campaign Tricking Developers To Inject Malicious Code
Hackers often target NuGet as it’s a popular package manager for .NET, which developers widely use to share and consume reusable code. Threat actors can distribute malicious code to many projects by compromising the NuGet packages. In August 2023, ReversingLabs…
ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution
ViperSoftX is an advanced malware that has become more complicated since its recognition in 2020, to the extent that eBooks are used on Torrent sites to spread across systems. Unlike other kinds of malware developers who mainly focus on developing…
Akira Ransomware Attacking Airline Industry With Legitimate Tools
Airlines often become the target of hackers as they contain sensitive personal and financial details of passengers as well as travel schedules and loyalty programs. Since airlines are attractive to threat actors, disrupting their operations can be quite damaging to…
ClickFix Deception: A Social Engineering Tactic to Deploy Malware
McAfee Labs has uncovered a unique malware delivery method called the “Clickfix” infection chain, which starts with users being directed to compromised websites and instructed to paste a script into a PowerShell terminal. This article has been indexed from Cyware…
Exein Raised $16.3 Million Series B to Stop Robotic Arms Going Haywire
Exein, a Rome-based startup, is addressing the critical issue of device security in the IoT space. The company recently secured €15 million (~$16.3 million) in a Series B funding round led by cybersecurity-focused VC 33N. This article has been indexed…
Threat Actor Claiming Breach of Coingecko Database, 1.9M Email Address
A threat actor has claimed responsibility for breaching the database of CoinGecko, a leading cryptocurrency data aggregator. The alleged breach has reportedly compromised 1.9 million email addresses, raising significant concerns about data security in the cryptocurrency industry. The Alleged Breach…
Beware Of Weaponized EBooks That Deliver AsyncRAT
EBooks are popular, and their popularity lucrative threat actors the most, as they are widely shared digital assets that can easily circumvent security measures. Threat actors exploit users’ trust in seemingly harmless documents by embedding malware in eBook files or…
DarkGate Malware Exploiting Excel Files And SMB File Shares
DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing various distribution methods, including email attachments, malicious ads, and compromised Samba shares. Initially a human-operated command-and-control infrastructure, DarkGate has evolved into a versatile tool offering remote…
Credential-Stealing OSS ‘Crystalray’ Attacks Jump 10X
Crystalray’s attack chain involves using various OSS tools for reconnaissance, scanning, and exploiting vulnerabilities. The group was first discovered in February using the “SSH-Snake” tool to exploit vulnerabilities in Atlassian Confluence. This article has been indexed from Cyware News –…
White House to Require Increased Cybersecurity Protocols for R&D Institutions
Federal research agencies will now require covered institutions to implement cybersecurity programs for research and development security due to threats from China. The goal is to increase awareness of security threats and enable apt responses. This article has been indexed…
Details of AT&T data breach and 1TB data steal belonging to Disney
Over the past few days, AT&T, a major American telecom company, has made headlines due to a sophisticated cyber-attack that exposed the details of over 109 million mobile customers dating back to 2022. According to updates received by our Cybersecurity…
The Growing Cyber Threat to Weather Predictions
In an increasingly interconnected world, where technology drives every facet of life, even the weather predictions we rely on may not be immune to cyber threats. The integration of advanced computer systems and data analytics has revolutionized meteorology, enabling more…
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection
Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. “Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection,” Cybereason…
Protected OOXML Spreadsheets, (Mon, Jul 15th)
I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries “Unprotecting Malicious Documents For Inspection” and “16-bit Hash Collisions in .xls Spreadsheets”; and blog…
Dark Gate malware campaign uses Samba file shares
A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. Threat actors used Microsoft Excel…