The Olympic Games, the FIFA World Cup, and the Super Bowl are just a few examples of iconic sporting events that showcase the global significance of the professional sports industry. But while professional sports stir passion and emotion among fans, cybercriminals couldn’t care less about the competitive aspects of sports or the feeling of community…
Read More
Mar 29, 2024NewsroomSupply Chain Attack / Threat Intelligence The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said “new project creation and new user registration” was temporarily halted to mitigate what it said was a “malware…
Read More
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s…
Read More
An intended feature with security implications Last year security researchers from Bishop Fox found and reported five vulnerabilities in the Ray framework. Anyscale, the company that maintains the software, decided to patch four of them (CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 and CVE-2023-48023) in version 2.8.1, but claimed that the fifth one, assigned CVE-2023-48022, was not really a…
Read More
“We’ve been having that debate in security for ten years,” he said. Efforts to centralize security systems have been around for just as long, he said, but for too long, the offerings peddled as “platforms” weren’t really anything of the sort — more bundles of interrelated products than true foundations for all-around security. That’s finally…
Read More
Iran launched its own campaign targeting Israel as the war commenced on October 7. Initially, Iran’s efforts were reactive, and its influence campaign focused on disseminating misleading information. Iranian and Iran-affiliated groups quickly grew more coordinated in their efforts, adding targeted cyberattacks to add to the confusion and mayhem about the situation on the ground.…
Read More
The U.S. government is escalating its response to the notorious BlackCat ransomware gang, announcing a substantial reward for information leading to the identification and location of key members. The $10 million offer comes after the group’s crippling attack on UnitedHealth Group’s Change Healthcare subsidiary, a technology hub that processes billions in insurance payments. The attack,…
Read More
Mar 28, 2024NewsroomLinux / Network Security A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised…
Read More
Mar 28, 2024NewsroomCyber Espionage / Malware The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country’s Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal…
Read More
A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. “Using iMessage and RCS rather than SMS to send text messages has the side effect of bypassing SMS firewalls,…
Read More