October 12, 2023 at 04:59PM A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a malware associated with information theft, keylogging, cryptocurrency mining, and ransomware. The campaign targets organizations in the Americas, and the developer of DarkGate is advertising it on underground forums and leasing it out as a service … Read more
October 12, 2023 at 10:38AM Researchers have discovered a sophisticated malware hidden within an authentic-looking WordPress caching plugin. This malware can create admin accounts and remotely activate plugins, giving threat actors complete control over infected websites. The malware can be difficult to detect and has features like conditional content filtering and file modification capabilities. WordPress … Read more
October 12, 2023 at 09:57AM The Everest ransomware group is seeking to recruit corporate insiders to gain access to corporate networks directly. The group is offering a percentage of the profits from successful attacks to those who assist in the initial intrusion, promising transparency and confidentiality. Everest is specifically targeting organizations in the US, Canada, … Read more
October 11, 2023 at 05:31PM A new malware disguised as a caching plugin is targeting WordPress sites, allowing threat actors to gain control over the site. The malware functions as a backdoor, enabling the management of plugins, content replacement, and redirecting users to malicious locations. It disguises itself as a legitimate plugin to avoid detection. … Read more
October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool, Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a … Read more
October 11, 2023 at 02:46PM Microsoft Defender for Endpoint now has a new feature called ‘contain user’ in public preview that helps prevent lateral movement in hands-on-keyboard attacks. It isolates compromised user accounts to disrupt attacks and prevent malicious actions such as credential theft and data exfiltration. The feature has been effective in protecting thousands … Read more
October 11, 2023 at 11:55AM Moving financial services to the cloud requires careful consideration of security, compliance, and governance. It is important to establish secure use of the cloud and comply with regulations. Cloud governance, including three lines of governance, is crucial. Implementing infrastructure, application, and data pipelines, as well as change management and monitoring, … Read more
October 11, 2023 at 06:42AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for … Read more
October 10, 2023 at 03:35PM A new zero-day attack named “HTTP/2 Rapid Reset” has exploited a security vulnerability, resulting in a record-breaking distributed denial-of-service (DDoS) flood. The attack targeted cloud and Internet infrastructure providers and lasted for minutes. The attack utilized a bug in the HTTP/2 protocol, affecting about 60% of web applications. While mitigation … Read more
October 10, 2023 at 02:18AM Threat actors are exploiting a critical flaw in Citrix NetScaler ADC and Gateway devices to conduct a credential harvesting campaign. The flaw, CVE-2023-3519, allows for remote code execution. Attackers are inserting a malicious script into the authentication web page and capturing user credentials. IBM X-Force has identified at least 600 … Read more