Category Added in a WPeMatico Campaign
February 22, 2024 End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. “If you use Signal, your phone number will no longer be visible to everyone you chat with …
Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private Read More »
February 22, 2024 On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack, and in that moment, the real-world repercussions came to light—it wasn’t just computer networks that were …
February 22, 2024 VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed in their web browser into …
VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk Read More »
February 22, 2024 Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to Russia-aligned threat actors by Slovak cybersecurity company ESET, which also identified a spear-phishing campaign aimed at a Ukrainian defense company in October 2023 and a European Union agency …
Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks Read More »
February 21, 2024 The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit’s source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. “Some of the data on LockBit’s systems belonged to victims who had paid a ransom to the …
LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released Read More »
February 21, 2024 A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. “This particular campaign involves the use of a number of novel system weakening techniques against the data store itself,” Cado security researcher Matt Muir said in a technical report. The …
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining Read More »
February 21, 2024 In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory. When organizations …
Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time Read More »
February 21, 2024 The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world’s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. …
SaaS Compliance through the NIST Cybersecurity Framework Read More »
February 21, 2024 North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany’s Federal Office for the Protection of the Constitution (BfV) and South Korea’s National Intelligence Service (NIS), the agencies said the goal of the attacks is …
New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide Read More »
February 21, 2024 Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were each downloaded 537 and 166 times, respectively, Article posted by: https://thehackernews.com/2024/02/new-malicious-pypi-packages-caught.html ——————————————————————————————————————– Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 …
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics Read More »
