November 9, 2023 at 01:08PM Android, with over 3 billion users, is a target for malware attacks. Anti-malware solutions like antivirus apps, firewalls, VPNs, and security patches are available but not foolproof against evolving threats. Evasion techniques and incremental malicious update attacks pose risks. Users should be cautious of downloads, keep devices and apps updated, … Read more
November 9, 2023 at 11:57AM A state-sponsored advanced persistent threat group named “Imperial Kitten” has been conducting watering-hole attacks against Israeli transportation, logistics, and technology sectors. The group, believed to have links to Iran’s Islamic Revolutionary Guard Corps, infiltrates legitimate websites to redirect visitors to attacker-controlled locations and phishing sites. The compromised data is then … Read more
November 8, 2023 at 06:39AM Approximately 665,000 customers of the Marina Bay Sands luxury resort in Singapore have been affected by a recent data breach. The breach specifically impacts members of the shopping loyalty program, with no indication that the casino rewards program was affected. While passwords and financial information were not compromised, the exposed … Read more
November 7, 2023 at 12:23PM The recent cyberattacks on MGM Resorts International and Caesars Entertainment highlight the impact of data breaches on organizations. The breach was orchestrated through social engineering tactics using information obtained from LinkedIn. The root cause of such breaches is the continued reliance on legacy sign-in credentials, which are easily compromised. In … Read more
November 3, 2023 at 04:33PM Ace Hardware is still struggling to recover from a cyberattack that impacted 196 servers and over 1,000 network devices. Operating systems and key tools are still disrupted, causing shipment disruptions and preventing customers from placing online orders. The company has seen follow-on phishing attacks and warns retailers of two scams … Read more
November 1, 2023 at 10:54AM LayerX has developed a secure browser extension to address the various risks and vulnerabilities associated with browsers in modern enterprises. The extension offers comprehensive visibility, continuous monitoring, and granular policy enforcement within the browsing session. It can detect and mitigate risks such as data leakage, malicious browser extensions, and unauthorized … Read more
October 31, 2023 at 02:03PM A cyber threat actor known as “Prolific Puma” is using a link-shortening service to provide cybercriminals with .us domains, making their phishing campaigns harder to detect. Prolific Puma has generated over 75,000 unique domains in the past 18 months, evading regulations and providing criminals with shortened links that fit in … Read more
October 27, 2023 at 10:13AM Generative AI tools are becoming a nightmare for security teams as they are used to create deepfakes and sophisticated phishing emails. A survey shows that 56% of employees use generative AI at work, but only 26% of organizations have policies in place. Shadow AI, unauthorized AI tool usage, poses a … Read more
October 25, 2023 at 09:41AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11 by exploiting a zero-day vulnerability in Roundcube Webmail. The Roundcube development team has released security updates to fix the vulnerability. The group, also known as TA473, uses phishing emails containing … Read more
October 25, 2023 at 09:19AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11. They have been exploiting a Roundcube Webmail zero-day vulnerability and using phishing emails to inject arbitrary JavaScript code. The group has also targeted Zimbra and previously exploited vulnerabilities in Roundcube … Read more