Sep 13, 2024Ravie LakshmananSoftware Security / Threat Intelligence Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS…
Read More
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market today cannot offer a complete defense against this attack vector because they…
Read More
A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has…
Read More
Sep 13, 2024Ravie LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims’ banking credentials. “The mechanisms include using malformed ZIP files in combination with JSONPacker,” Cleafy security researchers…
Read More
Sep 13, 2024Ravie LakshmananEnterprise Security / Vulnerability Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. “When Hadooken is executed, it drops a Tsunami malware…
Read More
Image: Midjourney Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. The Android Open Source Project (AOSP) is an open source operating system led by Google that can be used on mobile, streaming, and IoT devices. In…
Read MoreImage: Midjourney Threat actors have infected over 1.3 million Android TV streaming boxes with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. Android TV is Google’s operating system for smart TVs and streaming devices, offering an optimized user interface for TVs and remote navigation, integrated Google Assistant, built-in Chromecast,…
Read More
The credit card firm is getting into the threat intelligence business with the $2.65 billion acquisition. Credit card firm Mastercard announced Thursday it is getting into the threat intelligence business with the planned acquisition of Recorded Future. The acquisition price for the 15-year-old company is $2.65 billion, Mastercard disclosed. [Related: 5 Major Security Vendors That…
Read More
Microsoft seeks ‘to raise the bar on our operational excellence,’ CEO and Chairman Satya Nadella said in a statement. Microsoft has a new chief operating officer and executive vice president tasked with helping the vendor “drive continuous business process improvement across all our organizations and accelerate our company-wide AI transformation, increasing value to customers and…
Read More
The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). This marks a 45% increase in losses compared to the previous year, driven primarily by investment fraud, which accounted for 71% of the total…
Read More