Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

November 1, 2023 at 11:46AM VMware Carbon Black’s Threat Analysis Unit (TAU) found numerous previously unknown vulnerable kernel drivers that could be used by attackers to modify firmware or escalate privileges. After analyzing 18,000 Windows driver samples, TAU identified 34 unique vulnerable drivers, including ones from major BIOS and chip makers. Exploiting these drivers can …

Massive cybercrime URL shortening service uncovered via DNS data

October 31, 2023 at 11:29AM Prolific Puma, an actor known by researchers for providing link shortening services, has been assisting cybercriminals for over four years without attracting attention. The actor has registered thousands of domains, particularly on the US top-level domain, to facilitate phishing, scams, and malware distribution. Prolific Puma’s service involves short links that …

Canada goosed as attackers shutter hospitals and China deepfakes its politicians

October 25, 2023 at 03:51PM Five Ontario hospitals are facing a cyberattack that has disrupted their IT systems, resulting in the cancellation of patient appointments. Service provider TransForm is investigating whether patient data was accessed. In addition, a disinformation campaign called Spamouflage, linked to China, has been targeting Canadian government officials on social media since …

Ransomware isn’t going away – the problem is only getting worse

October 25, 2023 at 11:30AM Ransomware attacks are becoming increasingly prevalent, with cybercriminals targeting not only large organizations but also small and medium-sized businesses. The rise of ransomware-as-a-service (RaaS) enables even novice attackers to launch devastating attacks. Recent incidents include the LockBit ransomware attack on the city of Oakland, the Royal ransomware attack on the …

1Password confirms attacker tried to pull list of admin users after Okta intrusion

October 24, 2023 at 11:21AM 1Password has confirmed that it was attacked by cyber criminals following a breach of Okta’s customer support portal. The attack was detected on September 29 and the company’s incident response team quickly engaged, finding a suspicious IP address and unauthorized access to the Okta instance. While no user data or …

D-Link clears up ‘exaggerations’ around data breach

October 18, 2023 at 10:53AM D-Link has confirmed being targeted by cyber criminals but downplayed the impact. Only around 700 records were determined to have been stolen, contradicting the claim of 3 million in a hacking forum post. The data came from an old D-View 6 system in a test lab environment and included low-sensitivity information. D-Link is …

Fighting off cyberattacks? Make sure user credentials aren’t compromised

October 17, 2023 at 10:04AM Threat actors are constantly finding new ways to trick end-users into giving up their credentials, leading to a rise in credential theft. Cybercriminals target credentials because people often reuse the same login information across multiple sites, giving hackers access to sensitive accounts. They use social engineering tactics like tailgating, spear …

Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime’s Chagrin

October 12, 2023 at 04:44PM Microsoft announced that it is deprecating and eventually removing VBScript from future Windows releases. Although the programming language is nearly 30 years old, cybercriminals still use it to gain access to targets. Microsoft will make VBScript a feature on demand and users can turn it on if desired, but there …

Everest cybercriminals offer corporate insiders cold, hard cash for remote access

October 12, 2023 at 09:57AM The Everest ransomware group is seeking to recruit corporate insiders to gain access to corporate networks directly. The group is offering a percentage of the profits from successful attacks to those who assist in the initial intrusion, promising transparency and confidentiality. Everest is specifically targeting organizations in the US, Canada, …

Magecart Campaign Hijacks 404 Pages to Steal Data

October 11, 2023 at 12:53PM Cybercriminal groups behind the Magecart payment-card theft campaigns have developed a new technique to hide their credit card skimming code. They have started hiding JavaScript code in a comment on a targeted website’s 404 error page. By modifying other pages on the site to include a call to a nonexistent …