November 15, 2023 Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. “Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named ‘oracleiv_latest’ and containing Python malware compiled as an …

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers Read More »

November 15, 2023 Have you heard about Dependabot? If not, just ask any developer around you, and they’ll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects.  Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can …

CI/CD Risks: Protecting Your Software Development Pipelines Read More »

November 15, 2023 Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza …

New Campaign Targets Middle East Governments with IronWind Malware Read More »

November 15, 2023 The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. “An important feature that sets it apart is that, unlike previous campaigns, which relied on …

Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers Read More »

November 15, 2023 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) …

CISA Sets a Deadline – Patch Juniper Junos OS Flaws Before November 17 Read More »

November 14, 2023 The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. “It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets …

New Ransomware Group Emerges with Hive’s Source Code and Infrastructure Read More »

November 14, 2023 Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing Article …

Top 5 Marketing Tech SaaS Security Challenges Read More »

November 14, 2023 Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. “This activity is believed to be part of a long-term espionage campaign,” Palo Alto Networks Unit 42 researchers said in a report last week. “The observed activity aligns with geopolitical …

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations Read More »

November 14, 2023 Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind …

Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities Read More »