The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka “Log4Shell,” this time to deploy three previously unseen malware families written in DLang. […]
Counter-Strike 2 HTML injection bug exposes players’ IP addresses
Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players’ IP addresses. […]
Apple emergency updates fix recent zero-days on older iPhones
Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. […]
Cold storage giant Americold discloses data breach after April malware attack
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. […]
Toyota warns customers of data breach exposing personal, financial info
Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. […]
Kelvin Security hacking group leader arrested in Spain
The Spanish police have arrested one of the alleged leaders of the ‘Kelvin Security’ hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020. […]
Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that’s known to use a backdoor known as KEYPLUG.
The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary’s Lua-based malware LuaDream and KEYPLUG have been
The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary’s Lua-based malware LuaDream and KEYPLUG have been
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts.
Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based
Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based
Playbook: Your First 100 Days as a vCISO – 5 Steps to Success
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization’s cybersecurity infrastructure, blending strategic guidance with actionable
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times.
“Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and
“Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and