British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.
The post Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days appeared first on SecurityWeek.
New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics
Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up.
“While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
“While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
Microsoft fixes Windows 10 bug causing apps to stop working
Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. […]
LottieFiles Issues Warning About Compromised “lottie-player” npm Package
LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library.
“On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code,” the company said in a
“On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code,” the company said in a
Over a thousand online shops hacked to show fake product listings
A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. […]
Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution
Yahoo researchers found nearly a dozen vulnerabilities in OpenText’s NetIQ iManager and some could have been chained for unauthenticated RCE.
The post Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution appeared first on SecurityWeek.
Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket
Sysdig researchers trace a bizarre S3 bucket misconfiguration to EmeraldWhale, exposing 1.5 terabytes of stolen credentials and script.
The post Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket appeared first on SecurityWeek.
Mystic Valley Elder Services Data Breach Impacts 87,000 People
Mystic Valley Elder Services detected a security breach in April and now says files containing personal information may have been stolen.
The post Mystic Valley Elder Services Data Breach Impacts 87,000 People appeared first on SecurityWeek.
Designing a Future-focused Cybersecurity Investment Strategy
CISOs must attempt to define a strategic approach to technology investment that will protect the business over the long term.
The post Designing a Future-focused Cybersecurity Investment Strategy appeared first on SecurityWeek.
Cynet delivers 426% ROI in Forrester Total Economic Impact Study
A commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024 found that Cynet’s All-in-One Cybersecurity Platform generated $2.73 million in savings, paying for itself in under six months, for a return on investment of 426%. […]