November 14, 2023 at 10:56AM The Royal ransomware gang is potentially preparing for a rebrand or spinoff, as their ransom demands have already exceeded $275 million. The group has targeted over 350 victims worldwide, demanding between $1 million and $12 million in ransom. They primarily gain access through phishing emails and employ partial encryption and … Read more
November 13, 2023 at 01:32AM The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of … Read more
November 9, 2023 at 01:08PM Android, with over 3 billion users, is a target for malware attacks. Anti-malware solutions like antivirus apps, firewalls, VPNs, and security patches are available but not foolproof against evolving threats. Evasion techniques and incremental malicious update attacks pose risks. Users should be cautious of downloads, keep devices and apps updated, … Read more
November 9, 2023 at 11:57AM A state-sponsored advanced persistent threat group named “Imperial Kitten” has been conducting watering-hole attacks against Israeli transportation, logistics, and technology sectors. The group, believed to have links to Iran’s Islamic Revolutionary Guard Corps, infiltrates legitimate websites to redirect visitors to attacker-controlled locations and phishing sites. The compromised data is then … Read more
November 8, 2023 at 06:39AM Approximately 665,000 customers of the Marina Bay Sands luxury resort in Singapore have been affected by a recent data breach. The breach specifically impacts members of the shopping loyalty program, with no indication that the casino rewards program was affected. While passwords and financial information were not compromised, the exposed … Read more
November 7, 2023 at 12:23PM The recent cyberattacks on MGM Resorts International and Caesars Entertainment highlight the impact of data breaches on organizations. The breach was orchestrated through social engineering tactics using information obtained from LinkedIn. The root cause of such breaches is the continued reliance on legacy sign-in credentials, which are easily compromised. In … Read more
November 3, 2023 at 04:33PM Ace Hardware is still struggling to recover from a cyberattack that impacted 196 servers and over 1,000 network devices. Operating systems and key tools are still disrupted, causing shipment disruptions and preventing customers from placing online orders. The company has seen follow-on phishing attacks and warns retailers of two scams … Read more
November 1, 2023 at 10:54AM LayerX has developed a secure browser extension to address the various risks and vulnerabilities associated with browsers in modern enterprises. The extension offers comprehensive visibility, continuous monitoring, and granular policy enforcement within the browsing session. It can detect and mitigate risks such as data leakage, malicious browser extensions, and unauthorized … Read more
October 31, 2023 at 02:03PM A cyber threat actor known as “Prolific Puma” is using a link-shortening service to provide cybercriminals with .us domains, making their phishing campaigns harder to detect. Prolific Puma has generated over 75,000 unique domains in the past 18 months, evading regulations and providing criminals with shortened links that fit in … Read more
October 27, 2023 at 10:13AM Generative AI tools are becoming a nightmare for security teams as they are used to create deepfakes and sophisticated phishing emails. A survey shows that 56% of employees use generative AI at work, but only 26% of organizations have policies in place. Shadow AI, unauthorized AI tool usage, poses a … Read more