Vast botnet hijacks smart TVs for prime-time cybercrime

January 18, 2024 at 05:21AM Security researchers have traced a DDoS botnet infecting millions of smart TVs and set-top boxes to the Bigpanzi cybercrime syndicate. At its peak, 170,000 bots were running daily and were used for cybercrimes such as DDoS attacks and hijacking broadcasts. The researchers aim to combat Bigpanzi and seek collaboration from …

Vulnerability Management Firm Vicarius Raises $30 Million

January 17, 2024 at 02:37PM Vicarius, a New York vulnerability management firm, secured $30 million in a Series B funding round led by Bright Pixel. With total funding exceeding $56 million, the company offers automated vulnerability management through vRx and a product-led growth (PLG) model. Their LLM-based approach with vuln_GPT aims to combat AI attacks, and the …

iShutdown scripts can help detect iOS spyware on your iPhone

January 17, 2024 at 01:07PM Security researchers discovered a method to detect spyware infections like Pegasus, Reign, and Predator on compromised Apple mobile devices by analyzing the Shutdown.log file. Kaspersky released Python scripts to automate this process and recommends regular device restarts to capture signs of infection. The method proved reliable in identifying spyware-related behaviors …

Free Decryptor Released for Black Basta and Babuk’s Tortilla Ransomware Victims

January 10, 2024 at 06:34AM Cisco Talos released a decryptor for the Tortilla variant of Babuk ransomware, enabling victims to regain file access. The cybersecurity firm shared intelligence that led to the arrest of the threat actor. Avast also obtained the encryption key, updating its decryptor for all Tortilla victims. Meanwhile, Security Research Labs unveiled …

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

January 8, 2024 at 08:36AM Security researchers warn that tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, posing high-impact supply chain attack risks. These attacks can be launched using self-hosted runners, allowing malicious code execution and persistence. Exploitation of this vulnerability has led to significant …

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

January 5, 2024 at 11:15AM Cybersecurity researchers have identified a new Apple macOS backdoor called SpectralBlur, attributed to North Korean threat actors. It has capabilities such as uploading/downloading files and running shell commands. The malware shares similarities with KANDYKORN, showcasing the growing focus of North Korean threat actors on macOS, particularly in cryptocurrency and blockchain …

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

January 5, 2024 at 08:42AM Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The malware, with capabilities such as file manipulation and communication with the command-and-control server, shares similarities with KandyKorn. It is believed to be another addition to the arsenal of Lazarus, a prominent North …

Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign

January 4, 2024 at 08:37PM Threat actor UNC-0050, known for targeting Ukrainian organizations with RemcosRAT, is back with a new tactic using anonymous pipes to transfer data covertly. The group’s latest campaign aims at Ukrainian government entities, posing a significant risk to Windows-reliant sectors. Uptycs researchers highlighted the group’s politically motivated activities and state the …

Hacker Conversations: Runa Sandvik

January 3, 2024 at 10:39AM Cybersecurity researcher Runa Sandvik, known for her ‘situative’ approach, emphasizes the need for contextual understanding in cybersecurity. She believes curiosity, stubbornness, and an interest in the topic are vital for aspiring researchers. Sandvik discusses revenue sources for researchers, the ethics of bug bounties, responsible disclosure, and its legal implications. She …

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

January 3, 2024 at 08:36AM Malware is abusing an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions, allowing continuous access to Google services even after a password reset. Threat actor PRISMA first revealed the technique, which has since been incorporated into various malware-as-a-service (MaaS) stealer families. Google acknowledges the attack and advises users to log …