Recent Security News
-
Massive cybercrime URL shortening service uncovered via DNS data
October 31, 2023 at 11:29AM Prolific Puma, an actor known by researchers for providing link shortening services, has been assisting cybercriminals for over four years without attracting attention. The actor has registered thousands of domains, particularly on the US top-level domain, to facilitate phishing, scams, and malware distribution. Prolific Puma’s service involves short links that…
-
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
October 31, 2023 at 11:17AM A cyber espionage group known as Arid Viper has been identified as responsible for an Android spyware campaign targeting Arabic-speaking users. The campaign uses a counterfeit dating app to gather data from infected devices. The malware has features that allow for the collection of sensitive information and the deployment of…
-
Canada bans WeChat and Kaspersky products on govt devices
October 31, 2023 at 11:13AM Canada has banned the use of Kaspersky security products and Tencent’s WeChat app on mobile devices used by government employees due to network and national security concerns. The ban will take effect on October 30, 2023, and the government has stated that there is no evidence of government information being…
-
‘Elektra-Leak’ Attackers Harvest AWS Cloud Keys in GitHub Campaign
October 31, 2023 at 10:57AM Attackers are actively targeting exposed Amazon Web Services (AWS) IAM credentials in public GitHub repositories to create instances for cryptocurrency mining. Palo Alto Networks observed the attacker creating 474 compute-optimized EC2 instances between August 30 and October 6. The attackers are able to launch attacks within minutes of credentials being…
-
Malicious NuGet packages abuse MSBuild to install malware
October 31, 2023 at 10:29AM A new NuGet typosquatting campaign has been discovered that uses malicious packages to exploit Visual Studio’s MSBuild integration and install malware. This campaign targets Windows users and is the first documented case of threat actors leveraging this feature in malicious NuGet packages. The attackers continually refine their techniques, with earlier…