brangberg – Page 1100

New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January.
Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP

Telegram Zero-Day Enabled Malware Delivery

The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos.

The post Telegram Zero-Day Enabled Malware Delivery appeared first on SecurityWeek.

What to Know About the Kids Online Safety Act and Its Chances of Passing

Everything about the Kids Online Safety Act (KOSA): who supports it, who opposes it, and its chances of passing in Congress.

The post What to Know About the Kids Online Safety Act and Its Chances of Passing appeared first on SecurityWeek.

How to Securely Onboard New Employees Without Sharing Temporary Passwords

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks.
Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information.
The sneaky technique, observed by Sucuri on a Magento e-commerce site’s checkout page, allowed the malware to survive multiple cleanup attempts, the company said.
The skimmer is designed to capture all the data into the credit card form on the

Law Enforcement Disrupts DDoS-for-Hire Service DigitalStress

Authorities in the UK infiltrated and disrupted the DDoS-for-hire service DigitalStress, and one suspect was arrested.

The post Law Enforcement Disrupts DDoS-for-Hire Service DigitalStress appeared first on SecurityWeek.

Meta Given Deadline to Address E.U. Concerns Over ‘Pay or Consent’ Model

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its “pay or consent” advertising model or risk-facing enforcement measures, including sanctions.
The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant of the model adopted on Facebook and Instagram of potentially violating

FrostyGoop ICS Malware Left Ukrainian City’s Residents Without Heating

The FrostyGoop ICS malware was used recently in an attack against a Ukrainian energy firm that resulted in loss of heating for many buildings.

The post FrostyGoop ICS Malware Left Ukrainian City’s Residents Without Heating appeared first on SecurityWeek.

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY.
The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using

Wiz to Pursue IPO as It Walks Away From $23 Billion Google Deal

Cloud security giant Wiz will stick to its original plan and pursue an IPO, walking away from a $23 billion deal with Google.

The post Wiz to Pursue IPO as It Walks Away From $23 Billion Google Deal appeared first on SecurityWeek.

Author: brangberg