The US Treasury has designated individuals and entities associated with Predator spyware developer, Intellexa This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Predator Spyware Maker Intellexa
Tag: EN
Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for…
US Sanctions Predator Spyware-Maker Intellexa
The US Treasury has designated individuals and entities associated with Predator spyware developer, Intellexa This article has been indexed from www.infosecurity-magazine.com Read the original article: US Sanctions Predator Spyware-Maker Intellexa
Scanning and abusing the QUIC protocol, (Wed, Mar 6th)
The QUIC protocol has slowly (pun intended) crawled into our browsers and many other protocols. Last week, at BSides Zagreb I presented some research I did about applications using (and abusing) this protocol, so it made sense to put this…
LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
The wide torrent-based accessibility of these leaked victim files ensures the longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicate’s web infrastructure by global…
Hackers Install macOS Malware Using Weaponised Calendar Invites
Hackers use weaponized calendar invites to exploit vulnerabilities in email systems, tricking users into clicking on malicious links or downloading malware disguised as event attachments. By leveraging trust in calendar invitations, threat actors increase the likelihood of successful phishing attacks…
The Financial Sector Is Refocusing on Cybersecurity
In 2024, transformation is reshaping industries, and the financial sector stands at a crucial juncture. The Softcat Business Tech Priorities Report , a comprehensive survey encompassing over 4,000 customers across various sectors, sheds light on this transformation. Significantly, cybersecurity has…
Chip lobby group SEMI to EU: Export restrictions should only be used in self-defense
Please don’t scare away foreign investors – who do you think pays for this stuff? SEMI, an industry association representing 3,000 chip vendors, would really appreciate it if the European Union would back off plans to impose export controls on…
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB…
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy…
NIS2: 2.Designate a responsible person or team
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the second step in implementing NIS2 requirements is to designate a responsible person or team. Appointing an individual or a team responsible for overseeing the implementation of the NIS2 directive within your company is critical to…
Hackers use Zoom & Google Meet Lures to Attack Android & Windows users
A threat actor has been identified as creating fraudulent Skype, Google Meet, and Zoom websites to distribute malware, explicitly targeting Android and Windows users. This article delves into the details of this malicious campaign and explains how users can identify…
New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have been active…
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan…
Project DDoSia – Russian Hackers Planning a Massive DDoS Attack
Hackers launch large-scale DDoS attacks to disrupt and make online services inaccessible, driven by motives like revenge or protest, flooding targets with massive amounts of traffic to disable websites. Recently, the cybersecurity researchers at Sekoia identified that the Russian hacker…
From Prep to Pass, Scytale Launches Its Built-In Audit, Transforming It Into The Complete Compliance Hub for SaaS
Scytale’s built-in audit enables customers to track their audit progress, receive updates in real-time, and communicate with their auditor. The post From Prep to Pass, Scytale Launches Its Built-In Audit, Transforming It Into The Complete Compliance Hub for SaaS appeared…
Facebook and Instagram down by Cyber Attack
Shortly after millions of Facebook and Instagram users encountered difficulties accessing their accounts, speculation quickly arose that a state-funded cyberattack might be to blame. Mark Zuckerberg, fresh from a vacation in India, promptly took to Twitter, now X, to assure…
Safeguarding Your Digital Reputation: Best Practices for Secure Data Erasure
In today’s interconnected world, maintaining a pristine digital reputation is paramount. Whether you’re an individual, a business, or an organization, the risk of cyber embarrassment stemming from leaked or improperly disposed of data looms large. From personal photos and sensitive…
Hackers Exploit WordPress Plugin Flaw to Deploy Godzilla Web Shell
Hackers have been found exploiting a vulnerability in a WordPress Plugin 3DPrint Lite(CVE-2021-4436) to deploy the notorious Godzilla Web Shell. This malicious activity significantly threatens website security and data integrity, prompting concerns among cybersecurity experts and website administrators worldwide. Cybercriminals…
5 ways to keep API integrations secure
API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data. Keeping this data safe from attackers—while ensuring that the integrations perform at the desired level—requires adopting several security…