Latest Cybersecurity News and Articles
15 April 2024
liblzma-sys, which has been downloaded over 21,000 times, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The impacted version in question is 0.3.2.
15 April 2024
Malware Next-Gen was originally designed to allow U.S. federal, state, local, tribal, and territorial government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools.
15 April 2024
Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide, according to the newly released World Cybercrime Index.
15 April 2024
According to BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
15 April 2024
GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques, and procedures (TTPs) used.
15 April 2024
The COVID-19 Fraud Enforcement Task Force (CFETF) was set up in 2021 to tackle what is believed to be fraud on a vast scale, taking advantage of generous government loans and relief payments during the pandemic.
15 April 2024
The campaign is said to be highly targeted in nature, with the apps available on Google Play having a negligible number of installs ranging from zero to 45. The apps have since been taken down.
13 April 2024
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.
Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.
"At the time of both attacks,
13 April 2024
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations.
Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the military wing of Hamas, since at least 2007.
"He publicly
13 April 2024
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group.
13 April 2024
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo
Alto Networks PAN-OS software dating back to March 26, 2024, nearly three
weeks before it came to light yesterday.
The network security company's Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of
13 April 2024
A proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python .pyzw files that bypass security warnings when clicked.
13 April 2024
The first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple's macOS.
13 April 2024
While the mobile phishing campaign has yet to reach some U.S. regions, this can be explained by the fact that complaint information collected so far by IC3 indicates the scam may be moving from state to state.
12 April 2024
"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal.
liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The
12 April 2024
The security issue could lead to the exfiltration of process memory addresses, which could help attackers bypass protection mechanisms like Address Space Layout Randomization (ASLR).
12 April 2024
Apple has updated its documentation related to its warning system for mercenary spyware threats, now specifying that it alerts users when they may have been individually targeted by such attacks.
12 April 2024
The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go.
12 April 2024
Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware payloads on vulnerable systems.
12 April 2024
Although cybersecurity is vital to an organization’s financial success, many companies do not have a designated cyber expert.