A Well-Known Bug Bounty Platform Wants Zero-day Exploits for Windows VPN Clients
Zerodium is a premium bug bounty platform created by cybersecurity specialists with zero-day exploit and vulnerability research experience. The goal of Zerodium is to gather together independent security researchers to
Over 25% of Malicious JavaScript Is Being Obfuscated, Research Shows
According to a new study of over 10,000 malicious JavaScript samples, over 25% of the samples analyzed use JavaScript obfuscation methods to prevent detection and analysis. What Is Obfuscation? Obfuscation
Hackers are disguising their malicious JavaScript code with a hard-to-beat trick
Over 25% of malicious JavaScript code is obfuscated by so-called ‘packers’, a software packaging method that has given attackers a way of evading signature-based detection, according to security and content
Twitter Pulls Account After Argentinian Mega Breach Claims
Twitter Pulls Account After Argentinian Mega Breach Claims Twitter has suspended the account of an individual who claims to have obtained an ID card database covering the entire population of
Specialty Steel Works turns cyber skills into life skills
Specialty Steel Works Incorporated is no stranger to setting high standards as the leader in innovative steel solutions. That’s why they went straight to the top when implementing their new
False Government Websites Steal Private Financial Data, FBI warns
A warning comes from the FBI announcing that cybercriminals use new methods to collect financial data and personal information, making use of false websites posing as government platforms. Their goal
Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative
Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative Microsoft has teamed up with Intel and Goldman Sachs to push for hardware security improvements that could help
Security, remote work support top concerns amongst firms
Increasing adoption of hybrid work practices has pushed the need to enable and secure remote workers as a top challenge for IT managers. Security threats also have evolved amidst this
Supply chain attacks are the hacker's new favourite weapon. And the threat is getting bigger
Compromising a business supply chain is a key goal for cyber attackers, because by gaining access to a company that provides software or services to many other companies, it’s possible
LightBasin Operation Compromises 13 Global Telcos in Two Years
LightBasin Operation Compromises 13 Global Telcos in Two Years Researchers have uncovered a “highly sophisticated” two-year espionage campaign against global telcos that has already compromised 13 organizations. Dubbed “LightBasin” by
Case Study: How Can Heimdal™’s Next-Gen Antivirus Help You Stay Safe?
Business IT Plus has recently published a very interesting case study in which they explore the importance of having a good antivirus solution installed. Business IT Plus has been working
Cyber incident impact sits at over $500,000 for half of small to medium APAC businesses
Image: Cisco 51% of Asia Pacific small to medium-sized businesses that were hit with a cyber incident in the past year saw the cost of that incident exceed $500,000, according
CISA Releases Automotive Cybersecurity Guide
Trend Micro – US’s Cybersecurity and Infrastructure Security Agency (CISA) recently published the Autonomous Vehicle Security Guide, providing Transportation System Sector partners a comprehensive framework to understand cyber-physical threats related
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and
Customer services firm Atento hit by cyberattack
Business process outsourcing (BPO) and customer relationship management multinational Atento has been hit by a cyberattack, with the greatest impact seen in Brazil, its largest operation in Latin America. The
Fresh APT Harvester Reaps Telco, Government Data
The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers
Apple iCloud Hacker Steals Nudes
Apple iCloud Hacker Steals Nudes A 40-year-old man from California has admitted his role in a conspiracy to break into the private digital photo libraries of Apple customers to locate
Twitter suspends hacker who allegedly stole data of 45 million Argentinians
Twitter has suspended a hacker who allegedly stole all of the data from Argentina’s database holding the IDs and information of all 45 million citizens of the country. A threat
Prison for UPMC Data Thief
Prison for UPMC Data Thief A hacker from Michigan who stole and sold the sensitive data of tens of thousands of University of Pittsburgh Medical Center (UPMC) employees has been
REvil ransomware gang goes dark after its Tor sites are hacked
In July 2021 the REvil ransomware group vanished due to mounting US pressure after the Kaseya attack. However, the group was back in September 2021 by carrying out extortion-based DDoS
Data Breach Hits US Dental Patients
Data Breach Hits US Dental Patients A cyber-attack on the vendor of a network of dental practices may have exposed the data of tens of thousands of patients. A cyber-criminal
Lyceum APT Returns, This Time Targeting Tunisian Firms
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on
CISA says BlackMatter ransomware group behind recent attacks on agriculture companies
CISA, the FBI and NSA officially implicated the BlackMatter ransomware group in the recent attacks on two agriculture companies, confirming the assessments of some security researchers who said the gang
Duckduckgo vs Google: A Security Comparison and How to Maximize Your Privacy
Are you preoccupied with privacy? You’ve come to the right place. In today’s guide, I’ll go through everything you should know about Duckduckgo vs Google, how each of them works
A Guide to Doing Cyberintelligence on a Restricted Budget
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment. For those in the industry, it comes as
Chinese VPN app Quickfox caught exposing 1 million users’ data
The Quickfox VPN is mainly used by Chinese citizens living abroad who need to access Chinese websites as most of these sites are geo-restricted. Wizcase’s team of ethical researchers, led
How to Stay Safe from BlackMatter Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) all provide data that can assist companies in defending against and
83% of ransomware victims paid ransom: survey
A new survey of 300 US-based IT decision makers found that 64% have been victims of a ransomware attack in the last 12 months and 83% of attack victims paid
83% of Ransomware Victims Pay the Demand
83% of Ransomware Victims Pay the Demand More than four in five (83%) ransomware victims in the last 12 months felt they had no option but to pay the extortion
What Is Privileged Account and Session Management (PASM)?
Privileged Account and Session Management (PASM) is a new PAM (Privileged Access Management) that focuses on privileged account monitoring and management for compliance, security, and data integrity purposes. Whereas PAM
Malicious Accounts that Targeted Security Researches Were Suspended by Twitter
Two malicious accounts used by threat actors in a seemingly North Korean cyber-espionage campaign were suspended by Twitter. The accounts under discussion are @lagal1990 and @shiftrows13 working as bait for
Halloween comes early for Syniverse, Facebook, and Twitch: What we can learn from their spooky outages plus breaches
It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way
Shared Responsibility Key to Protecting Critical Infrastructure
Shared Responsibility Key to Protecting Critical Infrastructure Protecting critical infrastructure from cyber-attacks requires adopting a shared responsibility model between vendors, network operators and governments, according to a panel speaking during
Watch out! Attackers Can Guess Your Credit Card PIN Even If You Are Covering the ATM Pad
Security experts have shown that a special-purpose deep-learning algorithm can be instructed to guess four-digit credit card PINs 41% of the time, even when the target is trying to cover
Feds Warn BlackMatter Ransomware Gang is Poised to Strike
An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off. Federal
Red teaming tutorial: Active directory pentesting approach and tools
Infosec Institute – There are a number of tools you should use when it comes to active directory (AD). Inveigh and responder as a start point Many new and legacy
FCC mulls over new rules demanding carriers block spam robot texts at network level
The US Federal Communications Commission (FCC) is due to consider a new proposal to clamp down on robot texts. On October 18, FCC Acting Chairwoman Jessica Rosenworcel unveiled a new
A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years
Written by AJ Vicens Oct 19, 2021 | CYBERSCOOP An advanced network of digital spies with a nexus to Chinese interests has successfully compromised parts of the global telecommunications network,
Harvester Malicious Group Is Going After Telcos
Researchers noticed a previously unknown state-sponsored actor that seems to be using a unique combination of tools in cyberattacks against South Asian telecommunications providers and IT corporations. The cybercrime group’s
US Authorities Issue BlackMatter Ransomware Alert
US Authorities Issue BlackMatter Ransomware Alert The US authorities have released more details on emerging ransomware group BlackMatter, which it says has already targeted multiple critical infrastructure providers in the
Ransomware Attacks Go On with One More Hit: Sinclair TV Stations Targeted
Sinclaire TV Stations known as Sinclair Broadcast Group published a press release yesterday where they announced the company being hit by a ransomware attack. It happened during the weekend, as
Israeli Hospitals Allegedly Targeted by Chinese Threat Actors
On Sunday, the National Cyber Directorate and Health Ministry in Israel declared it had noticed a dramatic increase in attacks conducted by ransomware threat actors over the weekend, which targeted
Twitter accounts linked to cyberattacks against security researchers suspended
Twitter has suspended accounts belonging to a North Korean hacking group targeting security researchers. The social media accounts, @lagal1990 and @shiftrows13, were suspended this month after “posing as security researchers,”
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages. The TA505 cybercrime group is whirring its financial rip-off
VPN Provider's Misconfiguration Exposes One Million Users
VPN Provider's Misconfiguration Exposes One Million Users At least one million users of a Chinese-run VPN service have had their personally identifiable information (PII) exposed due to a misconfigured Elasticsearch
UK in Midst of $200m Crypto Fraud Epidemic
UK in Midst of $200m Crypto Fraud Epidemic Victims of cryptocurrency fraud have already lost over £146m ($200m) so far this year, a double-digit increase over 2020 figures, according to
REvil ransomware operators claim group is ending activity again, victim leak blog now offline
Cybercriminals claiming to be part of the REvil ransomware group have alleged that the gang is closing shop after the group lost control of vital infrastructure and had internal disputes.
PurpleFox Adds New Backdoor That Uses WebSockets
Trend Micro – PurpleFox Adds New Backdoor That Uses WebSockets Cyber Threats In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox