Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. […]
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications.
These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
Google Discloses Salesforce Hack
A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies.
The post Google Discloses Salesforce Hack appeared first on SecurityWeek.
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
A new post-exploitation command-and-control (C2) evasion method called ‘Ghost Calls’ abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure. […]
Hacker extradited to US for stealing $3.3 million from taxpayers
Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. […]
PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins
Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.
The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek.
WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says
Meta linked these scams to a criminal scam center in Cambodia — and said it disrupted the campaign in partnership with ChatGPT maker OpenAI.
The post WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says appeared first on SecurityWeek.
Trend Micro Patches Apex One Vulnerabilities Exploited in Wild
Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors.
The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek.
Microsoft Paid Out $17 Million in Bug Bounties in Past Year
Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year.
The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek.
MFA matters… But it isn’t enough on its own
MFA blocks 99% of attacks—but weak passwords still let attackers in. Specops helps you enforce strong password policies and MFA everywhere, so one layer doesn’t undo the other. Book your free trial today. […]