Sep 26, 2024Ravie LakshmananCyber Espionage / Mobile Security As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over…
Sep 26, 2024Ravie LakshmananCloud Security / Cyber Espionage An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure…
Sep 26, 2024Ravie LakshmananCyber Espionage / Hacking Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information,…
Sep 25, 2024Ravie LakshmananSecure Coding / Mobile Security Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered…
Sep 25, 2024Ravie LakshmananData Protection / Online Tracking Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling…
Sep 25, 2024Ravie LakshmananPenetration Testing / Cyber Threat Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after…
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it’s too late. See these key indicators that security experts use to…
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of…
Sep 25, 2024Ravie LakshmananArtificial Intelligence / Vulnerability A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool’s…
Sep 25, 2024Ravie LakshmananEmail Security / Threat Intelligence Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs).…