Pathlock intorduced its SAP application and data security product suite, Cybersecurity Application Controls (CAC). The release is part of Pathlock’s vision to help SAP customers establish a zero-risk approach to identity and application access by implementing strong controls and monitoring…
Category: EN
Hackers Abuse QEMU Hardware Emulator for Stealthy C2 Communication
QEMU is an open-source platform that provides a secure and private virtualized space for trying out malicious codes, exploits, and attacks on their own environments. This controlled testing ground minimizes the risk of detection and legal matters. Moreover, QEMU…
225,000+ ChatGPT Credentials Up For Sale on Dark Web Markets
A prominent cybersecurity technology creator, has released its latest report, “Hi-Tech Crime Trends 2023/2024,” highlighting critical global cyber threats. The report reveals a concerning trend where over 225,000 compromised ChatGPT credentials are being sold on dark web markets, posing security…
Safeguarding EU elections amidst cybersecurity challenges
Preluding 2024 EU elections, the NIS Cooperation Group with the support of the EU Agency for Cybersecurity (ENISA), the European Commission and the European External Action Service updated the compendium on elections cybersecurity. This article has been indexed from News…
Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign
A new threat actor has been observed by Zscaler distributing remote access Trojans (RATs) via online meeting lures This article has been indexed from www.infosecurity-magazine.com Read the original article: Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign
How to Find and Fix Risky Sharing in Google Drive
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn’t anyone’s fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally. …
US Sanctions Predator Spyware Maker Intellexa
The US Treasury has designated individuals and entities associated with Predator spyware developer, Intellexa This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Predator Spyware Maker Intellexa
Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for…
US Sanctions Predator Spyware-Maker Intellexa
The US Treasury has designated individuals and entities associated with Predator spyware developer, Intellexa This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Predator Spyware-Maker Intellexa
Scanning and abusing the QUIC protocol, (Wed, Mar 6th)
The QUIC protocol has slowly (pun intended) crawled into our browsers and many other protocols. Last week, at BSides Zagreb I presented some research I did about applications using (and abusing) this protocol, so it made sense to put this…
LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
The wide torrent-based accessibility of these leaked victim files ensures the longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicate’s web infrastructure by global…
Hackers Install macOS Malware Using Weaponised Calendar Invites
Hackers use weaponized calendar invites to exploit vulnerabilities in email systems, tricking users into clicking on malicious links or downloading malware disguised as event attachments. By leveraging trust in calendar invitations, threat actors increase the likelihood of successful phishing attacks…
The Financial Sector Is Refocusing on Cybersecurity
In 2024, transformation is reshaping industries, and the financial sector stands at a crucial juncture. The Softcat Business Tech Priorities Report , a comprehensive survey encompassing over 4,000 customers across various sectors, sheds light on this transformation. Significantly, cybersecurity has…
Chip lobby group SEMI to EU: Export restrictions should only be used in self-defense
Please don’t scare away foreign investors – who do you think pays for this stuff? SEMI, an industry association representing 3,000 chip vendors, would really appreciate it if the European Union would back off plans to impose export controls on…
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB…
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy…
NIS2: 2.Designate a responsible person or team
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the second step in implementing NIS2 requirements is to designate a responsible person or team. Appointing an individual or a team responsible for overseeing the implementation of the NIS2 directive within your company is critical to…
Hackers use Zoom & Google Meet Lures to Attack Android & Windows users
A threat actor has been identified as creating fraudulent Skype, Google Meet, and Zoom websites to distribute malware, explicitly targeting Android and Windows users. This article delves into the details of this malicious campaign and explains how users can identify…
New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have been active…
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan…