Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

November 24, 2023 at 05:36AM Researchers have discovered a Rust version of the cross-platform backdoor SysJoker, indicating its use by a Hamas-affiliated group to target Israel. The malware has undergone significant changes and is now written in Rust, unlike its previous version. The threat actor has also switched from Google Drive to OneDrive for storing command-and-control server …

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

November 24, 2023 at 02:30AM Cybersecurity researchers have discovered publicly exposed Kubernetes configuration secrets that could potentially lead to supply chain attacks. The secrets, containing credentials for accessing container image registries, were uploaded to public repositories. Among those affected are top blockchain companies and Fortune 500 companies. The researchers found that a significant portion of the …

BlackCat claims it is behind Fidelity National Financial ransomware shakedown

November 23, 2023 at 01:02PM Fidelity National Financial (FNF), a Fortune 500 insurance company, has experienced a cybersecurity incident that has forced the shutdown of several systems. The incident has affected services related to title insurance, escrow, and mortgage transactions. FNF is currently assessing the impact of the incident and working to restore normal operations. …

Black Friday 2023: Get 25% off the Zero2Automated malware analysis course

November 23, 2023 at 12:35PM The Zero2Automated malware analysis and reverse-engineering course is offering a Black Friday through Cyber Monday sale with a 25% discount sitewide, including gift certificates and courses. The course, started in May 2020 by Vitali Kremez and Daniel Bunce, provides over 25 hours of content and an online community with peers …

Which DevOps Skills are the Hardest to Learn?

November 23, 2023 at 10:48AM DevOps professionals face challenges in learning complex technologies and developing interpersonal skills. Networking in modern network architectures, writing software tests, mastering infrastructure as code, and understanding containerization and orchestration are some of the most difficult skills for DevOps practitioners. Additionally, soft skills like communication, empathy, and adaptability are crucial to …

Exploring Weaknesses in Private 5G Networks

November 23, 2023 at 10:48AM Private 5G networks are at risk due to a vulnerability in the GPRS Tunneling Protocol User Plane (GTP-U). The lack of encryption and authentication mechanisms in this critical link allows attackers to breach private 5G networks through packet reflection. To mitigate this risk, organizations should implement robust security protocols, firewalls, …

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

November 23, 2023 at 10:06AM A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious …

Industry piles in on North Korea for sustained rampage on software supply chains

November 23, 2023 at 08:44AM The UK and South Korea’s national cybersecurity organizations have issued a joint advisory warning about an increase in the volume and sophistication of North Korean software supply chain attacks. The advisory highlights the use of zero-day and N-day vulnerabilities and multiple exploits to achieve North Korea’s priorities, which include generating …

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

November 23, 2023 at 08:24AM Shipping-themed email messages are being used to distribute the WailingCrab malware. The malware consists of multiple components and is associated with the threat actor TA544. It prioritizes stealth and utilizes hacked websites and platforms like Discord for communication. The newer variants of the malware use the MQTT protocol for command-and-control, …

Attack on direct debit provider London & Zurich leaves customers with 6-figure backlogs

November 23, 2023 at 06:57AM Direct debit collection company London & Zurich suffered a ransomware attack on November 10, resulting in outages that have caused significant cash flow disruptions for customers. Some customers have been unable to process direct debit payments, leading to financial difficulties. Communication from London & Zurich has been sporadic and unclear, …