October 16, 2023 at 01:12AM Threat actors are using Binance’s Smart Chain (BSC) contracts to host and deliver malicious code, making it difficult to detect and stop their attacks. The campaign, known as EtherHiding, leverages compromised WordPress sites to deceive users into downloading malware through fake browser update notices. The decentralized nature of blockchain makes … Read more
October 15, 2023 at 11:00PM The US Securities and Exchange Commission (SEC) is investigating Progress Software’s MOVEit file transfer software following a data breach. Progress admitted to receiving a subpoena from the SEC and stated that it is facing multiple class-action lawsuits and other litigation over the breach. Progress also disclosed that it has received … Read more
October 15, 2023 at 01:53PM Valve is implementing additional security measures on Steam to address the recent outbreak of malware being pushed from compromised publisher accounts. Starting October 24, game developers will be required to pass an SMS-based security check before pushing updates, and the same requirement will be enforced for adding new users to … Read more
October 15, 2023 at 01:53PM A lightweight variant of the RomCom backdoor was used to target participants of the Women Political Leaders Summit in Brussels. The attackers created a fake website to lure attendees, and the new variant of RomCom employs a stealthier backdoor with a TLS-enforcement technique to make detection more difficult. This attack … Read more
October 15, 2023 at 01:53PM Researchers at the University of South Australia and Charles Sturt University have developed an algorithm using machine learning to detect man-in-the-middle (MitM) attacks on unmanned military robots. The algorithm, tested on a replica of the GVR-BOT used by the U.S. Army, achieved a 99% success rate in preventing attacks. The … Read more
October 15, 2023 at 01:53PM DarkGate malware attacks have been using compromised Skype accounts to infect targets. The attacks involve VBA loader script attachments that download an AutoIT script to drop and execute the final DarkGate malware payload. Trend Micro researchers also observed DarkGate being pushed through Microsoft Teams. The malware-as-a-service operation has seen a … Read more
October 14, 2023 at 07:41AM Ubuntu, the popular Linux distribution, has removed its Desktop release 23.10 after discovering hateful language in the Ukrainian translations. A malicious contributor injected anti-Semitic, homophobic, and xenophobic slurs into the distribution using a third-party tool. Ubuntu has taken down the affected images and will release a new version once the … Read more
October 14, 2023 at 02:48AM Microsoft plans to eliminate NT LAN Manager (NTLM) in Windows 11, focusing instead on strengthening the Kerberos authentication protocol. New features in Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. NTLM has vulnerabilities that make it susceptible to … Read more
October 13, 2023 at 06:31PM Ransomware attacks on enterprises are causing disruption and data breaches. Recent attacks include Air Canada being targeted by BianLian, and state courts in Northwest Florida being attacked by ALPHV. Simpson Manufacturing experienced a cybersecurity incident, and a threat actor leaked the source code for the Hello Kitty ransomware. Ransomware trends … Read more
October 13, 2023 at 04:59PM Progress Software plans to collect on its $15 million cyber insurance policy in light of the recent class action lawsuits and fines it faces due to security breaches caused by its MOVEit file transfer software. This large payout is likely to impact how insurers approach their businesses as premiums increase … Read more