Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted E2EE protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption "E2EE A/V". As part of the change introduced...

New PondRAT Malware Hidden in Python Packages Targets Software Developers

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT aka SIMPLESE...

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

A suspected advanced persistent threat APT originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific APAC region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which w...

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrastructure with a...

LinkedIn Halts AI Data Processing in U.K. Amid Privacy Concerns Raised by ICO

The U.K. Information Commissioner's Office ICO has confirmed that professional social networking platform LinkedIn has suspended processing users' data in the country to train its artificial intelligence AI models. "We are pleased that LinkedIn has reflected on the concerns we raised about its...

Ukraine Bans Telegram Use for Government and Military Personnel

Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Coordination Centre for Cybersecurity NCCC in a post shared on...

Europol Shuts Down iServer Phishing Scheme and Ghost Cybercrime Chat Platform

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service PhaaS platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by...

Passwordless AND Keyless: The Future of (Privileged) Access Management

In IT environments, some secrets are managed well and some fly under the radar. Here's a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords x TLS certificates x Accounts x SSH keys ??? The secrets listed above are typically secure...

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

An Iranian advanced persistent threat APT threat actor likely affiliated with the Ministry of Intelligence and Security MOIS is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker...

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even...

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance CSA has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the...

Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?

Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities NHI accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role...

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product's default credentials,"...

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on jus...

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server VPS infrastructures based on the CentOS operating system. "The initial access was accomplished via a Secure Shell SSH brute force attack on the victim's assets, during whi...

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it's not just data at risk — it's the care of patients...

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest formerly DEV-083...

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition CE and Enterprise Edition EE that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library CVE-2024-45409, CVSS score: 10.0, which could allow an attacker to log in as an...

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office SOHO and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon aka Ethereal Panda or RedJuliett. The sophisticated botnet, dubbed Raptor Tra...

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration NASA, research universities, and private companies. Song...

Why Pay A Pentester?

The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years...

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant...

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects them against online threats. "With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out...

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

The GSM Association GSMA, the governing body that oversees the development of the Rich Communications Services RCS protocol, on Tuesday, said it's working towards implementing end-to-end encryption E2EE to secure messages sent between the Android and iOS ecosystems. "The next major milestone is f...

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 CVSS score: 9.8, has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A...

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers CRQCs. "Chrome will offer a key share prediction for hybrid ML-KEM codepoint 0x11EC," David...

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless...

How to Investigate ChatGPT activity in Google Workspace

When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see...

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Meta has announced that it will begin training its artificial intelligence AI systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that U.K...

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with...

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager ARM software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

A now-patched critical security flaw impacting Google Cloud Platform GCP Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable...

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the...

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question...

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage...

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The development was first reported by The Washington Post on Friday. The iPhone...

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the...

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance CSA has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 CVSS score: 7.2, which allows remote code execution under certain circumstances. "An OS command...

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier...

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London TfL. "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," th...

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials Verizon DBIR, 2024. Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market toda...

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination wit...

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept PoC exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released f...

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining and deliver botnet malware. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver a malware strain dubbed Hadooken,...

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2023 with the goal of harvesting financial information and intercepting two-factor authentication 2FA messages. Singapore-headquartered Group-IB, which...

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in...

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d aka Void. "It is a backdoor that puts its components in the system storage area and, when commanded by attacker...

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate...

Top 3 Threat Report Insights for Q2 2024

Cato CTRL Cyber Threats Research Lab has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024. Key Insights from the...

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity compa...