October 13, 2023 at 06:18AM Microsoft has launched a bug bounty program specifically focused on vulnerabilities in its artificial intelligence (AI)-powered Bing search engine. The program offers rewards of up to $15,000 for vulnerabilities found in bing.com and associated applications. Microsoft is particularly interested in vulnerabilities related to inference manipulation, model manipulation, and inferential information … Read more
October 13, 2023 at 03:59AM Void Rabisu, a threat actor associated with financially motivated ransomware attacks, has shifted its focus to targeted campaigns on Ukraine and countries supporting Ukraine. They have developed a new variant called ROMCOM, which they used in campaigns targeting EU military personnel and political leaders working on gender equality initiatives. The … Read more
October 13, 2023 at 03:24AM The DarkGate malware is being distributed through messaging platforms like Skype and Teams. Once installed, additional malicious payloads are introduced. The campaign has been most active in the Americas, followed by Asia, the Middle East, and Africa. DarkGate is a commodity loader that executes various actions, including remote access, cryptocurrency … Read more
October 12, 2023 at 08:26PM 35 vulnerabilities in the Squid caching proxy remain unfixed after more than two years, according to the person who reported them. The researcher found 55 flaws in Squid’s source code, but only 20 have been fixed. The remaining vulnerabilities do not have patches or workarounds, and some have not been … Read more
October 12, 2023 at 07:46PM The US government has updated the list of tools used by AvosLocker ransomware affiliates in attacks to include open-source utilities and custom PowerShell and batch scripts. The FBI and CISA have shared a YARA rule for detecting malware disguised as a legitimate network monitoring tool. AvosLocker affiliates use legitimate software … Read more
October 12, 2023 at 06:39PM In summary, the text highlights the quantum threat to cybersecurity and the need for post-quantum cryptography (PQC) to protect against it. It discusses the importance of cryptographic agility and orchestration in managing and adapting to changing cryptographic algorithms. The text also emphasizes the ongoing PQC standardization process and the need … Read more
October 12, 2023 at 06:10PM DigiCert has announced the next generation of its Trust Lifecycle Manager called Discovery. This enables customers to create a centralized record of cryptographic keys and certificates, improving security and reducing the time needed for updates and threat remediation. The integration with services like Qualys and AWS Private CA allows for … Read more
October 12, 2023 at 05:49PM Appdome has released new threat evaluation tools within their ThreatScope Mobile XDR platform. These tools, including Threat-Inspect, Threat-Views, and Threat-Snapshots, enhance monitoring, investigation, and response to mobile app threats and attacks. The platform gathers threat signals and translates them into actionable views for cyber, fraud, and business teams. These evaluation … Read more
October 12, 2023 at 05:06PM BlackBerry has announced two new Unified Endpoint Management (UEM) innovations – BlackBerry UEM at the edge and BlackBerry UEM for IoT. BlackBerry UEM at the edge enhances enterprise productivity by placing workloads close to the end user, resulting in ultra-low latency connectivity. BlackBerry UEM for IoT enables organizations to manage … Read more
October 12, 2023 at 04:59PM A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a malware associated with information theft, keylogging, cryptocurrency mining, and ransomware. The campaign targets organizations in the Americas, and the developer of DarkGate is advertising it on underground forums and leasing it out as a service … Read more