Recent Security News
-
Google Play Protect adds real-time scanning to fight Android malware
October 18, 2023 at 12:28PM Google has introduced real-time scanning features for Google Play Protect to improve the detection of malicious apps that use polymorphism. This will help enhance the safety of Android users and reduce malware infections. The scanning occurs at the code level and sends behavioral signals to be analyzed for malicious activity.…
-
MATA malware framework exploits EDR in attacks on defense firms
October 18, 2023 at 12:28PM The MATA backdoor framework has been observed in attacks targeting oil and gas firms and the defense industry in Eastern Europe between August 2022 and May 2023. The attacks used spear-phishing emails to trick victims into downloading malicious executables that exploit a vulnerability in Internet Explorer. The updated MATA framework…
-
North Korea’s Kimsuky Doubles Down on Remote Desktop Control
October 18, 2023 at 12:15PM North Korea’s Kimsuky cyber threat group has been found to be using Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems. The group has also been leveraging open-source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial…
-
Google links WinRAR exploitation to multiple state hacking groups
October 18, 2023 at 11:16AM State-backed hacking groups, including Sandworm, APT28, and APT40, are exploiting a vulnerability in WinRAR to execute arbitrary code on targeted systems. The bug, known as CVE-2023-38831, has been exploited since April 2023, enabling threat actors to deliver various malware payloads. Despite a patch being available, many users remain vulnerable. Google…
-
Single Sign On and the Cybercrime Ecosystem
October 18, 2023 at 11:16AM Cybercrime, specifically data extortion ransomware attacks, is increasing dramatically. Stealer logs, which contain stolen credentials and session cookies, are being distributed through Telegram channels and pose a significant threat. Single sign-on (SSO) applications used by enterprises are being compromised, exposing sensitive information and making social engineering tactics easier.…