Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software. The attacks appear to target Ukrainian…
Category: EN
Microsoft Details AI Jailbreaks And How They Can Be Mitigated
Generative AI systems comprise several components and models geared to enhancing human interactions with the system. However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the…
ESAs and ENISA sign a Memorandum of Understanding to strengthen cooperation and information exchange
The European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) today announced that they have concluded a multilateral Memorandum of Understanding (MoU) to strengthen cooperation and information exchange with the European Union Agency for Cybersecurity (ENISA). This article has…
Appdome SDKProtect reduces third-party mobile supply chain risk
Appdome released a new mobile SDK protection and mobile threat streaming service, called Appdome SDKProtect. Appdome SDKProtect is designed to end third-party, mobile supply chain risk and democratize mobile threat intelligence and telemetry data among mobile SDK developers. The new…
How Hackers Using Packers To Hide Malware & Bypass Defenses
Hackers use packers maliciously to make their code difficult to recognize, as most antivirus programs are coded to be able to recognize these packers. The packers initialize and encrypt the original malware payload into a new form, which is hard…
Darkcrystal RAT Malware Attacking Government Officials Via Signal Messenger
Cybersecurity experts have discovered that the widely used messaging application Signal is being exploited to deliver DarkCrystal RAT malware to high-profile targets, including government officials, military personnel, and representatives of defense enterprises in Ukraine. The Infection Process According to a…
Zyxel addressed three RCEs in end-of-life NAS devices
Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency security update to address three critical flaws in some of its NAS devices that have reached end-of-life. An attacker can…
N2WS launches cross-cloud volume restore for AWS and Azure
N2WS has introduced several new features to its cloud-native backup and disaster recovery (BDR) platform to help enterprises and managed service providers (MSPs) with combatting the increasing number of cybersecurity attacks on organizations while also ensuring data sovereignty, enhancing data…
#Infosec2024: Tackling Cyber Challenges of AI-Generated Code
If software developers want to benefit from AI-generated code tools, they must mitigate some of the risks they could bring first, Synopsys’ Lucas von Stockhausen said at Infosecurity Europe This article has been indexed from www.infosecurity-magazine.com Read the original article:…
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating…
Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover…
TikTok faces cyber attack but only few celebrities and brands impacted
TikTok, the video-sharing platform that previously faced bans in the United States over data privacy concerns, encountered a cyber attack on a recent note. However, according to the company, the impact was minimal, primarily affecting a few brands and celebrities.…
Unveiling the Mechanics of Offline Data Theft: How Your Information Can Be Compromised Beyond the Digital Realm
In an increasingly digital world, where concerns about online data security are rampant, it’s easy to overlook the vulnerabilities that exist offline. While much attention is rightfully directed towards protecting data in the virtual space, offline data theft remains a…
Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn’t need a fix, just better documentation
Let customers interfere with other tenants? That’s our cloud working by design, Redmond seems to say A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft’s cloud potentially allows miscreants to wave away…
Command Senior Chief Convicted For Setting Up Wi-Fi On US Navy Combat Ship
The former command senior chief of the littoral combat ship Manchester’s gold crew, Senior Chief Grisel Marrero, has been convicted at a court-martial for installing an unauthorized Wi-Fi system aboard the ship and subsequently lying about it to her superiors.…
Breaking a Password Manager
Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013…
Developers Beware Of Malicious npm Package Delivers Sophisticated RAT
Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…
No summer break for cybercrime: Why educational institutions need better cyber resilience
The education system isn’t equipped to handle today’s cyberthreats. I’m not just talking about cybersecurity education in schools shaping the technical workforce of the future – America’s schools themselves are prime targets for cybercrime today. In fact, according to some…
How AI-powered attacks are accelerating the shift to zero trust strategies
In this Help Net Security interview, Jenn Markey, Advisor to The Entrust Cybersecurity Institute, discusses the increasing adoption of enterprise-wide zero trust strategies in response to evolving cyber threats. Markey discusses the impact of emerging threats like AI-generated deepfakes and…
Find out which cyber threats you should be concerned about
This article includes excerpts from various reports that offer statistics and insights into the current cyber threat landscape. Human error still perceived as the Achilles’ heel of cybersecurity Proofpoint | 2024 Voice of the CISO | May 2024 Human error…