
20764 matches found

The Hacker News
added 2022/11/15 12:58 p.m. | 21 views

Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions

Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this...

AI score: 0.1 | Exploits: 0

The Hacker News
added 2022/11/15 11:3 a.m. | 54 views

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group...

AI score: 1.4 | Exploits: 0

The Hacker News
added 2022/11/15 6:11 a.m. | 35 views

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location

Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, ...

AI score: 6.6 | Exploits: 0

The Hacker News
added 2022/11/14 1:3 p.m. | 81 views

New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the...

CVSS: 7.8 | AI score: 0.1 | EPSS: 0.18188 | Exploits: 5

The Hacker News
added 2022/11/14 10:45 a.m. | 44 views

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report...

AI score: 7.5 | Exploits: 0

The Hacker News
added 2022/11/14 10:30 a.m. | 27 views

What is an External Penetration Test?

A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the...

AI score: 7.5 | Exploits: 0

The Hacker News
added 2022/11/14 7:14 a.m. | 35 views

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), t...

Exploits: 0

The Hacker News
added 2022/11/14 6:5 a.m. | 63 views

Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to...

AI score: 1.5 | Exploits: 0

The Hacker News
added 2022/11/11 2:26 p.m. | 24 views

Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated...

AI score: 0.1 | Exploits: 0

The Hacker News
added 2022/11/11 12:33 p.m. | 24 views

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices,"...

AI score: 0.3 | Exploits: 0

The Hacker News
added 2022/11/11 12:30 p.m. | 32 views

VPN vs. DNS Security

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both. VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides ...

AI score: 7 | Exploits: 0

The Hacker News
added 2022/11/11 10:13 a.m. | 43 views

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully...

CVSS: 8.8 | AI score: 2.6 | EPSS: 0.08663 | Exploits: 3

The Hacker News
added 2022/11/11 9:19 a.m. | 27 views

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks

The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the...

AI score: 0.4 | Exploits: 0

The Hacker News
added 2022/11/11 9:19 a.m. | 33 views

New Updates for ESET's Advanced Home Solutions

It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. ESET's latest consumer product...

AI score: 7.3 | Exploits: 0

The Hacker News
added 2022/11/11 6:14 a.m. | 33 views

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month,...

AI score: 0.3 | Exploits: 0

The Hacker News
added 2022/11/10 3:50 p.m. | 35 views

Warning: New Massive Malicious Campaigns Targeting Top Indian Banks' Customers

Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentiall...

AI score: 1.3 | Exploits: 0

The Hacker News
added 2022/11/10 3:7 p.m. | 62 views

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's...

CVSS: 4.6 | AI score: 4.9 | EPSS: 0.00834 | Exploits: 0

The Hacker News
added 2022/11/10 12:44 p.m. | 16 views

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File

A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core...

AI score: 7.5 | Exploits: 0

The Hacker News
added 2022/11/10 12:13 p.m. | 20 views

Is Cybersecurity Awareness Month Anything More Than PR?

Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: 1. The public, by taking action to stay safe online. 2. Professionals, by joining the cyb...

AI score: 0.3 | Exploits: 0

The Hacker News
added 2022/11/10 10:26 a.m. | 55 views

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized...

CVSS: 9.8 | AI score: 0.7 | EPSS: 0.01231 | Exploits: 1

The Hacker News
added 2022/11/10 7:49 a.m. | 67 views

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerabili...

CVSS: 9.8 | AI score: 2.2 | EPSS: 0.16362 | Exploits: 0

The Hacker News
added 2022/11/10 7:30 a.m. | 33 views

Re-Focusing Cyber Insurance with Security Validation

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump...

AI score: 7.2 | Exploits: 0

The Hacker News
added 2022/11/10 6:36 a.m. | 66 views

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases incl. dbx...

CVSS: 7.8 | AI score: 1.7 | EPSS: 0.02974 | Exploits: 1

The Hacker News
added 2022/11/09 1:47 p.m. | 70 views

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities a...

CVSS: 7.3 | AI score: 0.2 | EPSS: 0.0147 | Exploits: 0

The Hacker News
added 2022/11/09 1:6 p.m. | 18 views

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

A number of phishing campaigns are leveraging the decentralized InterPlanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware...

AI score: 0.4 | Exploits: 0

The Hacker News
added 2022/11/09 11:1 a.m. | 346 views

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-...

CVSS: 10 | AI score: 1.3 | EPSS: 0.94996 | Exploits: 70

The Hacker News
added 2022/11/09 10:18 a.m. | 17 views

Top 5 API Security Myths That Are Crushing Your Business

There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bea...

Exploits: 0

The Hacker News
added 2022/11/09 10:15 a.m. | 18 views

New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to...

AI score: 1.1 | Exploits: 0

The Hacker News
added 2022/11/09 6:4 a.m. | 62 views

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the...

AI score: 0.7 | EPSS: 0.00954 | Exploits: 0

The Hacker News
added 2022/11/09 5:16 a.m. | 1668 views

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This...

CVSS: 9.8 | AI score: 0.6 | EPSS: 0.99964 | Exploits: 17

The Hacker News
added 2022/11/08 2:52 p.m. | 63 views

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that...

AI score: 0.5 | Exploits: 0

The Hacker News
added 2022/11/08 1:40 p.m. | 16 views

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like...

AI score: 0.5 | Exploits: 0

The Hacker News
added 2022/11/08 11:37 a.m. | 28 views

U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web

The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04...

AI score: 7 | Exploits: 0

The Hacker News
added 2022/11/08 11:30 a.m. | 16 views

5 Reasons to Consolidate Your Tech Stack

The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending...

AI score: 0.2 | Exploits: 0

The Hacker News
added 2022/11/07 3:24 p.m. | 27 views

Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was...

AI score: 1.4 | Exploits: 0

The Hacker News
added 2022/11/07 2:46 p.m. | 25 views

This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others

Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider...

AI score: 6.8 | Exploits: 0

The Hacker News
added 2022/11/07 10:49 a.m. | 55 views

Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive...

AI score: 0.3 | Exploits: 0

The Hacker News
added 2022/11/07 7:36 a.m. | 47 views

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day...

AI score: 0.7 | Exploits: 0

The Hacker News
added 2022/11/05 8:35 a.m. | 80 views

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12...

AI score: 1.1 | Exploits: 0

The Hacker News
added 2022/11/05 6:0 a.m. | 261 views

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the...

CVSS: 10 | AI score: 0.4 | EPSS: 0.99999 | Exploits: 100

The Hacker News
added 2022/11/04 1:43 p.m. | 80 views

Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions ...

AI score: 0.2 | Exploits: 0

The Hacker News
added 2022/11/04 1:12 p.m. | 19 views

Your OT Is No Longer Isolated: Act Fast to Protect It

Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning. As IT assets became...

AI score: 6.8 | Exploits: 0

The Hacker News
added 2022/11/04 10:1 a.m. | 108 views

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's...

AI score: 2.9 | EPSS: 0.02283 | Exploits: 0

The Hacker News
added 2022/11/03 5:40 p.m. | 53 views

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups,...

AI score: 7.5 | Exploits: 0

The Hacker News
added 2022/11/03 10:34 a.m. | 32 views

Why Identity & Access Management Governance is a Core Part of Your SaaS Security

Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Since enterprises have thousands to tens of...

Exploits: 0

The Hacker News
added 2022/11/03 10:21 a.m. | 51 views

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company...

AI score: 0.8 | Exploits: 0

The Hacker News
added 2022/11/03 9:20 a.m. | 93 views

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine an...

AI score: 7.1 | Exploits: 0

The Hacker News
added 2022/11/03 6:48 a.m. | 53 views

New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data

Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S...

AI score: 0.1 | Exploits: 0

The Hacker News
added 2022/11/02 1:11 p.m. | 46 views

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain co...

AI score: 0.8 | Exploits: 0

The Hacker News
added 2022/11/02 11:47 a.m. | 51 views

These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites

A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign. The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectivel...

AI score: 0.5 | Exploits: 0

Total number of security vulnerabilities: 20764