In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc. This article has been indexed from Securelist Read the original article: IT threat evolution Q2 2024
Tag: EN
IT threat evolution in Q2 2024. Mobile statistics
The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2024. Mobile statistics
IT threat evolution in Q2 2024. Non-mobile statistics
This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2024. Non-mobile statistics
Blooms Today – 3,184,010 breached accounts
In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names,…
Novel Attack on Windows Spotted in Chinese Phishing Campaign
The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration. This article has been indexed…
Roblox Developers Under Attack by New Malicious NPM Campaign
Roblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar. This article has been indexed from Cyware News – Latest Cyber…
Secrets Exposed: Why Your CISO Should Worry About Slack
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate…
TfL Claims Cyber-Incident is Not Impacting Services
London’s transport body, TfL, is playing down the impact of a cybersecurity incident on its services This article has been indexed from www.infosecurity-magazine.com Read the original article: TfL Claims Cyber-Incident is Not Impacting Services
Brazilian Supreme Court Upholds X Ban
Brazilian Supreme Court justices uphold ban on X amidst row over banned accounts and compliance with court orders This article has been indexed from Silicon UK Read the original article: Brazilian Supreme Court Upholds X Ban
Three men plead guilty to running MFA bypass service OTP.Agency
Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency, an online platform…
Potential Ransomware Threat to Transport for London
Transport for London (TfL) recently experienced a cyber-attack that disrupted its digital operations. Fortunately, initial assessments indicate that no data breaches occurred, and the system is expected to recover using backup resources. Both the National Crime Agency and the National…
How Cyber Attacks can be a blessing to those buying cybersecurity stocks
In an increasingly digital world, the rise of cyber-attacks has become a pressing concern for organizations across all sectors. While these attacks wreak havoc on businesses and disrupt everyday operations, they have inadvertently created a lucrative opportunity for investors in…
Explaining the OWASP API Security Top 10
Any company that employs APIs can tell you that they’re the glue that holds all things together, the hub that simplifies and scales digital growth. However, not all can tell you how to protect them. And that’s a problem. Thankfully,…
Major Data Breaches: Toronto Schools, TDECU, and Columbus Hacked: Cyber Security Today for Tuesday, September 3rd, 2024
In this episode of Cyber Security Today, host Jim Love delves into recent data breaches affecting the Toronto District School Board, Texas Dow Employees Credit Union, and the city of Columbus. Discover details on the ransomware attacks, the compromised…
SLOW#TEMPEST Campaign Targets Chinese Users with Advanced Tactics
A sophisticated cyber campaign, dubbed SLOW#TEMPEST, has been uncovered by the Securonix Threat Research team, targeting Chinese-speaking users. The attack, characterized by the deployment of Cobalt Strike payloads, managed to evade detection for over two weeks, demonstrating the malicious actors’…
Managing low-code/no-code security risks
Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. This five-stage framework (scoping, discovery, prioritization, validation, and mobilization) allows organizations to constantly assess and manage their security posture, reduce exposure…
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.…
The attack with many names: SMS Toll Fraud
Bad actors leverage premium-rate phone numbers and bots to steal billions of dollars from businesses. In this Help Net Security video, Frank Teruel, CFO at Arkose Labs, discusses how to spot and stop them. The post The attack with many…
How ransomware tactics are shifting, and what it means for your business
In this Help Net Security interview, Tim West, Director of Threat Intelligence and Outreach at WithSecure, discusses Ransomware-as-a-Service (RaaS) with a focus on how these cybercriminal operations are adapting to increased competition, shifting structures, and a fragmented ecosystem. West talks…
A third of organizations suffered a SaaS data breach this year
While SaaS security is finally getting the attention it deserves, there’s still a significant gap between intent and implementation. Ad hoc strategies and other practices still fall short of a security program. The move toward decentralization has generated confusion over…