Category: Information Security Buzz

A malicious package on the Python Package Index (PyPi) has been quietly exfiltrating Amazon Web Service credentials from developers for over three years, a new report from cybersecurity researchers at Socket has revealed.  The package “fabrice” is a typosquat of the…

Read more →

In this era of advanced technology, cyber threats are on the rise, and they’re evolving with cutting-edge finesse. As we continue to witness a rise in the frequency and sophistication of cyber-attacks, recent hacker incursions into high-profile enterprises like Equifax, Uber, Facebook, and Capital…

Read more →

Despite the recent takedown of the RedLine malware variant and a crackdown on “problematic” Telegram content, the credential abuse market is as vibrant as ever. This was revealed by new research from ReliaQuest. According to the company, cybercriminals appear undeterred by…

Read more →

Check Point Research has uncovered a sophisticated phishing campaign that uses a newly updated version of the Rhadamanthys Stealer, a notorious malware that steals sensitive data from infected systems. The campaign, identified as “Rhadamanthys.07,” deceives victims through emails that appear…

Read more →

For decades, businesses have employed penetration testing, simulating cyberattacks on their IT systems—to uncover vulnerabilities that hackers could exploit. Traditionally, this process was manual, requiring skilled professionals to probe defenses meticulously, look for any chink in the security armor, and…

Read more →

A new malware strain, Winos4.0, is actively used in cyberattack campaigns. Discovered by FortiGuard Labs, this advanced malicious framework, which evolved from the infamous Gh0strat, is equipped with modular components enabling a range of malicious activities on compromised devices. These…

Read more →

Software supply chain company JFrog revealed on Monday that it had discovered 22 software vulnerabilities across 15 machine learning-related open-source software projects. The results, presented in JFrog’s latest ML Bug Bonanza blog, shed light on the security challenges organizations face…

Read more →

A new investigation by the consumer advocacy group Which? reveals a worrying trend: everyday smart devices, from air fryers to televisions, are collecting excessive amounts of user data, often with no clear explanation or transparency on how it will be…

Read more →

In a move to improve account security, Google Cloud has announced that it will require multi-factor authentication (MFA) for all users worldwide by the end of 2025. This decision aims to enhance security, especially as cloud environments become increasingly vulnerable…

Read more →

We all know CISA as the governing agency for federal cybersecurity and the national operating hub for critical infrastructure security. But what are the free critical cyber hygiene services provided by the Cybersecurity and Infrastructure Security Agency (CISA), and how…

Read more →

In a major breakthrough, Google’s AI-powered research tool, Big Sleep, discovered a vulnerability in SQLite, one of the most widely used database engines in the world. The Google Project Zero and Google DeepMind teams recently shared this milestone in an…

Read more →

Attackers are leveraging DocuSign’s API to distribute authentic-looking invoices at scale, exploiting legitimate business channels to bypass traditional security measures. Using paid DocuSign accounts and customized templates, malefactors mimic reputable companies, such as Norton, to send convincing invoices through the…

Read more →

In July 2024, the City of Columbus, Ohio, experienced a ransomware attack that exposed the personal information of approximately 500,000 residents. While officials quickly took systems offline to contain the incident and reported halting the attack before ransomware encryption could…

Read more →

Artificial Intelligence (AI) and Application Programming Interfaces (APIs) are integral to technological advancement in today’s digital age. As gateways allowing different software applications to communicate, APIs are crucial in AI’s evolution, powering everything from cloud computing to machine learning models.…

Read more →

The need for robust cybersecurity measures has never been greater in a time when cyber threats are evolving rapidly, and breaches have become an inevitability for businesses in every sector. Managing this complex threat landscape requires advanced solutions and skilled experts who…

Read more →

Mobile security company Zimperium’s zLabs team has uncovered an advanced variant of the FakeCall malware that employs “Vishing” (voice phishing) to deceive mobile users into sharing sensitive information, such as login credentials and banking details. This sophisticated malware campaign highlights…

Read more →

Since August last year, Microsoft has identified a surge in intrusion activity with attackers using sophisticated password spray techniques to steal credentials from multiple customers. The company has linked this wave of attacks to a network of compromised devices known…

Read more →

Cyber threats are evolving at an unprecedented pace.  AI-driven malware, sophisticated phishing schemes, and adaptive attack methods are outmaneuvering standard security measures. Traditional defenses are no longer sufficient. Businesses need an invisible shield that offers comprehensive, proactive protection to stay…

Read more →

VIPRE Security Group’s Q3 2024 Email Threat Trends Report reveals the increasing sophistication of email-based threats, particularly business email compromise (BEC) and malspam campaigns, which have intensified across industries. Analyzing 1.8 billion emails globally, of which 208 million were identified…

Read more →

Microsoft Threat Intelligence has issued an alert following the detection of a sophisticated spear-phishing campaign orchestrated by the Russian threat actor known as Midnight Blizzard. Active since 22 October this year, this operation has distributed spear-phishing emails aimed at government…

Read more →