Author: nlqip
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. ScarCruft (aka “APT37” or “RedEyes”) is a state-sponsored cyber-espionage threat actor known for targeting systems in South Korea and Europe, as well as North Korean human…
Read More
Scams Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details 15 Oct 2024 • , 5 min. read Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a…
Read More
‘With this funding, we’re really focused on brand exposure and expansion in the U.S.,’ says Jamie Daum, Inforcer co-founder and CEO. ‘We’re attending key industry events and building relationships within the MSP communities.’ U.K.-based software company Inforcer has secured $19 million in Series A funding to support its rapid growth, product development and expansion into…
Read More
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature. “Today, we’re excited to share that more than 175 million customers have enabled passkeys on their Amazon accounts, allowing them to sign in six-times faster than they…
Read More
Conventional wisdom suggests best-of-breed is the only way to secure your clouds. But what of hybrid attack paths that cross security domains — like those exploited in the SolarWinds and Capital One breaches? Exposing the gaps attackers exploit to move laterally requires visibility and context across security silos. Insidious attacks like those associated with the…
Read More
Oct 16, 2024Ravie LakshmananZero-Day / Windows Security The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that…
Read More
In today’s digital landscape, businesses face an ever-increasing number of cybersecurity threats. To combat these challenges, many organizations are turning to SOC as a Service provider. But what exactly is SOC as a Service, and what key features should you look for when choosing a provider? What is SOC as a Service? Before we…
Read More
Oct 16, 2024The Hacker NewsArtificial Intelligence / Cybercrime AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI: The Reality vs. Hype “AI will not replace humans in the near future. But humans who know how to use…
Read More
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on С2 IP…
Read More
Oct 16, 2024Ravie LakshmananCyber Attack / Banking Trojan A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. “The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most…
Read More