In this report, we introduce key concepts and analyse the different crypter-related activities and the lucrative ecosystem of threat groups leveraging them in malicious campaigns. La publication suivante The Architects of Evasion: a Crypters Threat Landscape est un article de…
Tag: EN
New Python-Based Snake Info Stealer Spreading Through Facebook Messages
Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and…
Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers
A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this…
CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple…
Online Trade (Онлайн Трейд) – 3,805,265 breached accounts
In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes. This article has…
Say Goodbye to Manual AppSec Overhead: Unleashing the Power OX’s Automated No-Code Workflows
Last month, we unveiled our Active ASPM Platform which includes our newest feature, no-code automation workflows. OX has established itself as a frontrunner in automating the discovery, analysis, and prioritization of security risks throughout the entire software supply chain, earning…
How to implement an Information Security Management System (ISMS)
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven’t read what a cybersecurity framework means, then you should read article: https://www.sorinmustaca.com/demystifying-cybersecurity-terms-policy-standard-procedure-controls-framework/ . An ISMS is…
PetSmart warns of Active Password Cracking Attacks
PetSmart, Inc. is a renowned retail chain operating in the United States, Canada, and Puerto Rico. It offers a comprehensive range of pet products and services such as pet supplies, grooming, training, and in-store adoptions. PetSmart prides itself on being…
VMware urges emergency action to blunt hypervisor flaws
Critical vulns in USB under ESXi and desktop hypervisors found by Chinese researchers at cracking contest Hypervisors are supposed to provide an inviolable isolation layer between virtual machines and hardware. But hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors…
Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption
By cyberwire Paris, France, March 7th, 2024, Cyberwire Company Open Sources FHE Libraries to Build Privacy-Preserving Blockchain and AI Applications… This is a post from HackRead.com Read the original post: Zama Raises $73M in Series A Lead by Multicoin Capital…
US lawmakers want ByteDance to divest TikTok or face a ban
The American mind must not be at the mercy of Chinese algorithms A group of US lawmakers introduced legislation on Tuesday that, if passed, would force Chinese internet concern ByteDance to divest TikTok – its most valuable property – or…
Here’s something else AI can do: expose bad infosec to give cyber-crims a toehold in your organization
Singaporean researchers note rising presence of ChatGPT creds in Infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing…
Today’s biggest AI security challenges
98% of companies surveyed view some of their AI models as vital for business success, and 77% have experienced breaches in their AI systems over the past year, according to HiddenLayer. The report surveyed 150 IT security and data science…
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware
Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote…
Cyber Attack on Canada FINTRAC and IBM Cyber Attack response training
FINTRAC Canada targeted by a cyber attack FINTRAC, Canada’s financial intelligence agency, has fallen victim to a cyber attack, prompting the shutdown of its computer networks. While the servers of the federal agency have been taken offline, assurances have been…
Tazama: Open-source real-time fraud management
Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide. Previously, the financial sector struggled with proprietary solutions that were both expensive…
Delving into Dalvik: A Look Into DEX Files
During the analysis of a banking trojan sample targeting Android smartphones, Mandiant identified the repeated use of a string obfuscation mechanism throughout the application code. To fully analyze and understand the application’s functionality, one possibility is to manually decode the…
Major shifts in identity, ransomware, and critical infrastructure threat trends
In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts…
How to Adopt Phishing-Resistant MFA
In a recent blog post, we discussed what phishing-resistant multi-factor authentication (MFA) is and why… The post How to Adopt Phishing-Resistant MFA appeared first on Axiad. The post How to Adopt Phishing-Resistant MFA appeared first on Security Boulevard. This article…
A cybercriminal is sentenced, will it make a difference?
The darknet is home to many underground hacking forums in which cybercriminals convene, freely sharing stories, tactics, success stories and failures. Their unguarded discussions allow our team to peek into the politics and ethics behind recent adversary activities. The threat…