Latest Cybersecurity News and Articles


BEC Attacks Surge 20% Annually Thanks to AI Tooling

01 August 2024
A report by Vipre Security Group, based on data from processing 1.8 billion emails, revealed that 49% of blocked spam emails were BEC attacks, with CEOs, HR, and IT being common targets. The study also found that 40% of BEC attacks were AI-generated.

Security leaders respond to a sophisticated SMS stealing campaign

01 August 2024
Research has unveiled a sophisticated campaign stealing SMS messages. 

Telegram-Controlled TgRat Trojan Now Targets Linux Servers

01 August 2024
TgRat Trojan, previously targeting Windows, now focuses on Linux, using Telegram to control infected machines. Discovered by Dr. Web, this RAT allows cybercriminals to exfiltrate data and execute commands.

Some Companies Pay Ransomware Attackers Multiple Times, Survey Finds

01 August 2024
Some companies are paying ransomware attackers multiple times, with more than a third not receiving the decryption keys or getting corrupted keys after paying, according to a survey by Semperis.

Obfuscation: There Are Two Sides To Everything

01 August 2024
How to detect and prevent attackers from using these various techniques. Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation? Obfuscation is the technique of intentionally making information difficult to read, especially in

SMS Stealer Targeting Several Countries with Over 100,000 Malicious Android Apps

01 August 2024
The malware was found monitoring OTP messages from over 600 global brands, with victims detected in 113 countries, including India, Russia, Brazil, Mexico, the U.S., Ukraine, Spain, and Turkey.

Security Flaws at UK Elections Agency Left Door Open for Chinese Hackers, Privacy Watchdog Finds

01 August 2024
The UK's Electoral Commission was criticized by the Information Commissioner’s Office (ICO) for failing to protect the personal data of 40 million people from Chinese hackers in a cyberattack three years ago.

Microsoft Confirms Azure, 365 Outage Linked to DDoS Attack

01 August 2024
Microsoft confirmed that an eight-hour outage on Tuesday affecting its Azure portal, Microsoft 365, and Microsoft Purview services was caused by a DDoS attack. The company mentioned that its response to the outage may have worsened the impact.

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

01 August 2024
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team

Secretive: Open-Source App for Storing and Managing SSH Keys in the Secure Enclave

01 August 2024
Secretive is an open-source app that securely stores and manages SSH keys in the Secure Enclave for Macs. Storing keys in the Secure Enclave prevents copying or exporting by malicious users or malware, ensuring a higher level of security.

Apple Extends Zero-Day Patch to Older Macs, Urges Immediate Update

01 August 2024
Apple has released a critical zero-day patch for older Macs running macOS Monterey 12.7.6, addressing an actively exploited vulnerability (CVE-2024-23296). The flaw in Apple’s RTKit real-time OS could allow unauthorized access to kernel memory.

Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture

01 August 2024
Meta has agreed to pay the State of Texas $1.4 billion in a settlement for unlawfully capturing and using biometric data of millions of Texans. This is the largest privacy settlement in US history.

Lineaje Secures $20 Million in Funding To Address Software Supply Chain Issues

01 August 2024
Lineaje has raised $20 million in a Series A funding round, led by Prosperity7 Ventures, Neotribe, and Hitachi Ventures, with Tenable Ventures also participating. This investment highlights the increasing demand for software supply chain security.

EvilProxy Phishing Kit Used in Over One Million Attacks Monthly

01 August 2024
EvilProxy, known as the "LockBit of phishing," is a popular phishing kit used in over a million attacks each month. It allows cybercriminals to launch ransomware infections, steal data, and compromise business emails.

Threat Actor Impersonates Google via Fake Ads for Authenticator

01 August 2024
A threat actor recently impersonated Google through a fake ad for the Google Authenticator, a popular multi-factor authentication program. This resulted in innocent users unknowingly downloading malware or falling victim to phishing scams.

Beware of Fake AI Tools Masking a Very Real Malware Threat

01 August 2024
Attackers disguise malicious tools as legitimate GenAI apps through phishing sites, web browser extensions, fake apps on mobile stores, and malicious ads on social media.

Tycoon 2FA Phishing Kit Exploits Amazon SES to Steal User Credentials

01 August 2024
The attack begins with emails from an Amazon SES client containing empty PDF attachments and a message from Docusign. Despite some checks failing, the emails can still appear legitimate due to the compromised source.

Facebook Ads Lead to Fake Websites Stealing Credit Card Information

01 August 2024
Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future's Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the name ERIAKOS owing to the use of the same content delivery network (CDN) oss.eriakos[.]com. "These

Human error and BEC are prominent sources of payment fraud

01 August 2024
A recent survey reveals the top sources of business payment fraud.

Source Code of Phorpiex Botnet with Anti-AV Capabilities on Sale

31 July 2024
The notorious Trik botnet, aka Phorpiex, is being sold in antivirus circles, offering advanced capabilities to evade detection. This C++ botnet includes modules such as a crypto clipper, a USB emitter, and a PE infector targeting crypto wallets.