Iranian Cyberspies Hit Targets With New Backdoors

May 6, 2024 at 09:15AM Iran’s state-sponsored cyberespionage group APT42, also known as Calanque and UNC788, has been using new backdoors to target NGOs, government, and intergovernmental organizations. The group, operating since at least 2015 and believed to be linked to the Islamic Revolutionary Guard Corps, uses social engineering to target academia, activists, media organizations, …

Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report

May 3, 2024 at 02:09PM Microsoft’s security chief, Charlie Bell, pledges radical reforms in response to scathing US government report. The strategic shift prioritizes security above all product features. Plans include adding Deputy CISOs to product teams, linking leaders’ pay to security progress, and initiating security-themed “engineering waves” across various divisions. The initiative aims to …

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

May 3, 2024 at 09:57AM Threat actors are increasingly using Microsoft Graph API for malicious purposes to evade detection, enabling communication with command-and-control (C&C) infrastructure on Microsoft cloud services. Symantec uncovered instances of nation-state-aligned hacking groups using this method, including the deployment of previously undocumented malware called BirdyClient. The popularity of Graph API among attackers …

Network Security Firm Corelight Raises $150 Million

May 2, 2024 at 10:03AM Corelight, an NDR company, secures $150M in Series E funding round led by Accel, with support from Cisco Investments and CrowdStrike Falcon Fund. The San Francisco-based company, offering network traffic analysis and ground truth evidence of adversarial activity, plans to accelerate AI-driven security innovation and cloud-native security capabilities, in addition …

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

May 2, 2024 at 06:27AM Dropbox disclosed that its subsidiary, Dropbox Sign, experienced a data breach on May 2, 2024. Unidentified threat actors accessed user emails, usernames, and account settings. Phone numbers, hashed passwords, and authentication information of some users were also compromised. Dropbox is investigating, cooperating with authorities, and taking steps to protect affected …

DropBox says hackers stole customer data, auth secrets from eSignature service

May 1, 2024 at 06:24PM Hackers breached Dropbox Sign’s production systems, accessing authentication tokens, MFA keys, hashed passwords, and customer data. The company detected unauthorized access on April 24 and found that threat actors gained access to an automated system configuration tool, allowing them to access the customer database. Dropbox reset all users’ passwords and …

Traceable AI Raises $30 Million to Safeguard Cloud APIs

May 1, 2024 at 02:58PM San Francisco startup Traceable AI secured $30 million in venture capital from investors including Citi Ventures, IVP, Geodesic Capital, Sorenson Capital, and Unusual Ventures. The company focuses on API security and observability, with a flagship platform securing thousands of API endpoints and billions of API calls monthly. The investment will …

Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data 

May 1, 2024 at 11:21AM Lumen’s Black Lotus Labs has discovered a new malware platform named Cuttlefish, capable of harvesting public cloud authentication data from enterprise and SOHO routers. The platform, similar to HiatusRAT, is believed to be linked to a Chinese hacking group targeting US and European organizations. Cuttlefish is specifically designed to capture …

New Cuttlefish malware infects routers to monitor traffic for credentials

May 1, 2024 at 09:27AM Cuttlefish, a new malware, targets enterprise and SOHO routers, creating proxy/VPN tunnels to steal data and authentication information. It can perform DNS/HTTP hijacking, targeting services such as Alicloud, AWS, and BitBucket. Black Lotus Labs found its active campaign in Turkey and recommends strengthening security measures and monitoring for unusual logins. …

The 6 Data Security Sessions You Shouldn’t Miss at RSAC 2024

April 30, 2024 at 10:06AM The RSA Conference theme “The Art of Possible” reflects the challenges and opportunities in data security, particularly with the shift to the cloud and the rise of AI. The upcoming conference will feature sessions on implementing data governance, integrating data security and privacy, leveraging AI for security, data lifecycle management, …