Month: April 2024
Apr 09, 2024NewsroomMalware / Cryptojacking Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked,…
Read More
Apr 09, 2024NewsroomBotnet / Vulnerability Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status.…
Read More
Diversity Cyber Council The nonprofit Diversity Cyber Council focuses on serving underrepresented groups within the tech industry. The organization’s mission revolves around facilitating training, education, and staffing opportunities to create a sustainable and inclusive talent pool for the cybersecurity workforce. The council aims to foster inclusion and representation within the tech industry through training, mentoring,…
Read Morealsendo_sp._z_o._o. — apaczka Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4. 2024-04-04 not yet calculated CVE-2024-2759cvd@cert.plcvd@cert.pl amphp — amphp/http-client amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it…
Read More
The use of AI in phishing attacks poses a significant threat in the digital landscape. As businesses face increasing challenges from threat actors exploiting AI capabilities, a multi-layered security strategy becomes imperative. This approach encompasses training employees to serve as human firewalls, adopting AI-based security technology to detect sophisticated attacks, implementing stronger authentication methods, and…
Read More
Apr 08, 2024NewsroomSoftware Security / Cybersecurity Google has announced support for what’s called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent “memory corruption in V8 from spreading within the host process.” The search behemoth…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization’s safety. Late last year, Pennsylvania’s Municipal Water Authority of Aliquippa…
Read More
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22%…
Read More
Apr 08, 2024NewsroomCybercrime / Network Security Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. “Latrodectus is an up-and-coming downloader with various sandbox evasion functionality,” researchers from Proofpoint and Team Cymru said in a joint analysis published last week,…
Read More
Upon filtering out the duplicate records, the total accounts breached amounted to nearly 8.5 million (specifically 8,460,182). USDoD is a repeat federal offender This isn’t the first time USDoD has sneaked into a federal system. Previously known as “NetSec” on RaidForums, USDoD has gained notoriety since the threat actor’s “#RaidAgainstTheUS” campaign targeting the US Army…
Read More