cyber security updates

March 28, 2023Ravi LakshmanaEnhanced persistent threat The Advanced Persistent Threat Team (APT), which has experience targeting India and Afghanistan, has been linked to a new phishing campaign powered by the Action RAT. According to Cyble, who credited the operation SideCopy:The cluster of activities is intended to target the Defense Research and Development Organization (DRDO), the … Read more

March 28, 2023Ravi LakshmanaRansomware / Endpoint Security Multiple threats have been observed using two new versions of the IcedID malware in the wild, with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, began operating as a banking trojan in 2017. It is also capable of delivering additional … Read more

March 28, 2023The Hacker NewsPen Testing / Artificial Intelligence Malicious actors are constantly adapting their tactics, techniques, and procedures (TTP) to rapidly adapt to political, technological, and regulatory changes. A few emerging threats that organizations of all sizes should be aware of include the following: Increasing use of artificial intelligence and machine learningMalicious actors are … Read more

March 28, 2023Ravi LakshmanaMalware attack / hacking attack A new phishing campaign aims to distribute the Remcos RAT and Formbook to European organizations via a malware loader called. DBatLoader:. “Malware payloads are distributed through WordPress sites that have authorized SSL certificates, a common tactic used by threat actors to evade detection engines,” Zscaler researchers Megraj … Read more

March 28, 2023Ravi LakshmanaSpyware / Cyber ​​Security US President Joe Biden on Monday signed an executive order limiting the use of commercial spyware by federal government agencies. The order states that the spyware ecosystem “poses significant counterintelligence or security risks to the United States government or significant risks of improper use by a foreign government … Read more

March 28, 2023Ravi LakshmanaMobile security On Monday, Apple released fixes for a security flaw that was actively exploited for older iPhone and iPad models. Issue tracked as: CVE-2023-23529refers to a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was initially patched by the tech giant with improved … Read more

Conor Brian Fitzpatrick, the 20-year-old founder and administrator of the now-defunct BreachForums, has been formally charged in the US with conspiracy to commit access device fraud. If convicted, Fitzpatrick, who goes by the online moniker “pompompurin,” faces a maximum sentence of up to five years in prison. He was arrested on March 15, 2023. “Cybercrime … Read more

March 27, 2023The Hacker NewsSaaS Security: Single sign-on (SSO) is an authentication method that allows users to authenticate themselves to multiple applications with only one set of credentials. From a security perspective, SSO is the gold standard. It secures login without forcing users to remember multiple passwords and can be further secured by MFA. Furthermore, … Read more

March 27, 2023Ravi LakshmanaData security / endpoint security A new information-stealing malware has set its sights on Apple’s macOS operating system to harvest sensitive information from compromised devices. Pair up MacStealer:, is the latest example of a threat that uses Telegram as a command and control (C2) platform to exfiltrate data. It primarily affects devices … Read more

March 27, 2023Ravi LakshmanaPrivacy / Windows Security Microsoft has released an out-of-band update to address a privacy-violating flaw in the screenshot editing tool in Windows 10 and Windows 11. It issueto couple aCropalypsecould allow malicious actors to recover edited portions of screenshots, potentially exposing sensitive information that may have been cut. Followed as: CVE-2023-28303, the … Read more