Cyber Security

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. “This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys),”

According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don’t work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves. For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. “The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper,'” Cluster25 said in a report published last week. “The target

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an “early look” at the SDK Runtime and Topics API to boost users’ privacy online. “The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the “largest HTTPS DDoS attacks on record.” “HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That’s according to a “Top Routinely Exploited Vulnerabilities” report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. “When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that’s under active development. “Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. “Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. “By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular

You’ve been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be “What is that?” Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from.

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET

Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature. “Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet. The statement

A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. “The war in

Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we’ve seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren’t just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. “These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act,” the State Department’s Rewards for

The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19%

The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a “departure” from the group’s typical

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE