FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure ‘pen-testing’ company. The financially motivated cybercrime gang behind…

Google details cookie stealer malware campaign targeting YouTubers

Google attributed the malware campaign to a group of attackers recruited via a Russian-language hacker forum. Google has disclosed details of a new campaign involving phishing attacks launched against YouTube…

WinRAR vulnerability allowed attackers to remotely hijack systems

The vulnerability in WinRAR trialware could be abused by a remote attacker for executing arbitrary code on any system thus, getting an opportunity to launch a range of attacks. According…

Cisco SD-WAN Security Bug Allows Root Code Execution

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw. Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow…

Ransomware: Looking for weaknesses in your own network is key to stopping attacks

Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own…

India Releases Cybersecurity Guidelines for Power Sector

Trend Micro – Trend Micro – The Indian Government’s Power Ministry and the Central Electricity Authority (CEA) recently released cybersecurity guidelines to enhance the power sector’s cybersecurity readiness. It is…

72% of Organizations Experienced a DNS Attack in the Last Year

72% of Organizations Experienced a DNS Attack in the Last Year Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the last 12 months, according…

Introducing ATT&CK v10: More Objects, Parity and Features

Amy L. RobertsonOct 21 · 6 min read By Amy L. Robertson (MITRE), Alexia Crumpton (MITRE), and Chris Ante (MITRE) As announced a couple of weeks ago, we’re back with…

Microsoft announces security programs for nonprofits as nation-state attacks increase

Microsoft unveiled a new suite of tools on Thursday built to protect nonprofits as threats against philanthropic organizations globally have skyrocketed, particularly from nation-states. The Microsoft Security Program for Nonprofits…

C2 Communication Is Enabled via WebSockets in a Fresh PurpleFox Botnet Version

PurpleFox botnet, the well-known Dirty Moe, goes on and develops more vulnerability exploits and payloads. The fresh news on this botnet shows how this time it establishes C2 communication via…