Tag: computer security

Sep 11, 2024Ravie LakshmananCyber Crime / Hacking The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9,…

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, “If it sounds too good to be true, it probably is.”  If your organization is like many, you may be contemplating a move to…

Sep 11, 2024Ravie LakshmananMalware / Software Development Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. “The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews,” ReversingLabs researcher…

Sep 11, 2024Ravie LakshmananEnterprise Security / Vulnerability Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows – CVE-2024-29847 (CVSS score: 10.0) – A deserialization of untrusted data vulnerability that allows…

Sep 11, 2024Ravie LakshmananWindows Security / Vulnerability Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important,…

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. “CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved,” ESET researcher Jakub…

Sep 10, 2024Ravie LakshmananMalware / Cyber Espionage A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort. Cybersecurity firm Sophos, which has been monitoring the cyber…

A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the “audio gap” and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. “Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0…

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using. For…

Sep 10, 2024Ravie LakshmananCyber Attack / Malware The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth…