December 4, 2023 at 06:54AM Cybersecurity experts have uncovered a new version of the P2PInfect botnet targeting routers and IoT devices, now able to infect devices using MIPS architecture. First identified in 2023 exploiting a critical Redis vulnerability, P2PInfect has evolved with evasion tactics and now includes a Windows DLL module, indicating a sophisticated threat … Read more
December 1, 2023 at 05:27PM Cybersecurity is critical for space missions as threat actors now easily target space infrastructures due to the integration of standard IT with space tech. The ESA is enhancing defenses through initiatives like the C-SOC, offering access and tools to the industry, and employing AI and digitalization to improve threat detection … Read more
November 30, 2023 at 04:08PM A modified “Gh0st RAT” malware, called “SugarGh0st,” has been targeting South Koreans and Uzbekistan’s Ministry of Foreign Affairs. Distributed via phishing with decoy documents, the updated malware evades detection and allows remote access, data theft, and system manipulation. Originating from March 2008, Gh0st RAT remains effective due to its adaptability … Read more
November 30, 2023 at 12:42PM The US government has seized Sinbad.io, a crypto mixer used by North Korea’s Lazarus Group to launder money from cyber heists. The sanction requires US persons to block and report any Sinbad property and prohibits dealings with the service. Lazarus has stolen over $2 billion in digital assets, continuing its … Read more
November 29, 2023 at 03:28PM Google has revealed another actively exploited Chrome zero-day vulnerability (CVE-2023-6345) due to an integer overflow in Skia graphics. It’s the seventh zero-day patched this year amidst numerous critical browser flaws disclosed by major tech companies. Growing browser usage and Chromium’s shared base have heightened interest among attackers, leading to increased … Read more
November 29, 2023 at 10:50AM The increasing reliance on web-based apps for various tasks makes them prime targets for hackers due to multiple dependencies, valuable data storage, and insecure APIs. Successful breaches can cause data loss, reputational damage, and spread malware. Continuous monitoring, like Outpost24’s PTaaS, is crucial for real-time vulnerability identification and mitigation. Meeting … Read more
November 29, 2023 at 05:36AM An expanded Android malware campaign aimed at Iranian banks now utilizes new evasion techniques and phishing tactics, with over 200 malicious apps identified. The malware seeks extensive permissions and steals credentials, leveraging Android accessibility services. Upgrades include SMS interception and resisting uninstallation, with infected apps receiving updates from GitHub and … Read more
November 28, 2023 at 05:50PM CISA has highlighted a national security risk following the expiration of the CFATS program, which regulated security at chemical facilities to prevent terrorism. With CFATS lapsed since July, CISA notes increased danger as facilities may acquire dangerous chemicals without adequate security measures, and potential terrorist ties may go unchecked. Meeting … Read more
November 28, 2023 at 08:26AM Join Melinda Marks, ESG Practice Director for Cybersecurity, at AWS re:Invent 2023 for a talk on cloud detection and response (CDR) and the current trends in cloud security. They will discuss the new tactics used by malicious actors in 2024 and share technologies like CDR that can help minimize these … Read more
November 28, 2023 at 03:53AM Despite the increasing security risk, passwords are still prevalent in the workplace, with organizations slowly transitioning to passwordless technology. According to a survey, 30% have started the transition, while 36% are one to two years away, and 21% are three to four years away. Weak password practices contribute to the … Read more