Cybercriminals are abusing DocuSign APIs to send bogus email messages that bypass protections such as spam and phishing filters.
The post DocuSign Abused to Deliver Fake Invoices appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 37 Deals Announced in October 2024
Roundup of the thirty-seven cybersecurity-related merger and acquisition (M&A) deals announced in October 2024.
The post Cybersecurity M&A Roundup: 37 Deals Announced in October 2024 appeared first on SecurityWeek.
New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers
Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions.
“ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF),” Cleafy researchers Michele Roviello, Alessandro Strino
“ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF),” Cleafy researchers Michele Roviello, Alessandro Strino
Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks
Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update.
The post Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks appeared first on SecurityWeek.
Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access
Attackers could have exploited IBM Security Verify Access vulnerabilities to compromise the entire authentication infrastructure.
The post Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access appeared first on SecurityWeek.
Leveraging Wazuh for Zero Trust security
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after
Schneider Electric Launches Probe After Hackers Claim Theft of User Data
Hackers claim to have stolen sensitive information, including user data, after breaching Schneider Electric’s Jira system.
The post Schneider Electric Launches Probe After Hackers Claim Theft of User Data appeared first on SecurityWeek.
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution.
Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.
RISK:STATION is an “
Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.
RISK:STATION is an “
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware.
The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few
The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few
Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year.
The individual in question, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the
The individual in question, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the