Browsing category
Any hacking group could be sentenced to 25 years in prison for their cyberattack campaigns targeting critical infrastructure in Australia. Under the new local legislation, proposed in a recently announced bill, Australian authorities will also be able to investigate hacking groups operating from abroad and request their extradition, as well as being able to seize […]
A security alert issued by the Federal Bureau of Investigation (FBI) signals the detection of a wave of the attack known as business email compromise (BEC) in which threat actors use social engineering, phishing and even artificial intelligence tools such as deepfake to intercept video call sessions such as Zoom and intercept bank transfers issued […]
Dozens of Mac device users report that the Zoom video conferencing app keeps their devices’ microphone on even when the app isn’t active. According to reports, the problem lies in the native zoom version in macOS Monterey, a version of the operating system that has a function to alert the user if their microphone or […]
Microsoft has developed multiple protection mechanisms against some popular hacking variants, including the malicious use of macros. Sometimes, threat actors send Office files in which affected users must enable macros to complete the attack, triggering malware download, information theft, and even remote access. Despite protection mechanisms (such as the bar indicating the disabling of macros), […]
In a recent report, the Federal Bureau of Investigation (FBI) Director Christopher Wray attributes responsibility for the largest cyberattack campaigns to the Chinese Communist Party, considering that for the current regime in the Asian giant there is no such thing as peace in cyberspace. Of all the investigations active at the FBI, more than 2,000 […]
A new research methodology has allowed specialists to track active vendors in several dark web platformsbased solely on how they write their ads and posts. Using stylometry, the experts were able to analyze thousands of identities of various suppliers in black markets and identify if these profiles correspond to specific people. This study involved the […]
Cybersecurity specialists from Akamai reported the detection of a malicious campaign based on the abuse of Universal Plug and Play (UPnP) protocols in order to hack routers and use them for cybercriminal purposes. The campaign was identified as Eternal Silence and turns the affected routers into a proxy server part of a cybercriminal infrastructure. It […]
This week, Microsoft security teams reported the discovery of a phishing campaign characterized by the inclusion of a novel technique that consists of attaching a malicious device to the network of the affected organization, trying to spread the infection. This campaign was detected in countries such as Australia, Indonesia, Singapore and Thailand. The cyberattack is […]
It is no secret to anyone that the most dangerous groups of threat actors in the world are always trying to evolve, making significant investments for the development of complex malware variants and the deployment of social engineering campaigns, so it is difficult to always stay protected from cyberattacks against computer systems, including smartphones. A […]
Updating all the software solutions that we use daily is one of the main cybersecurity practices, since it allows us to keep our systems always protected by applying the corrections that the manufacturers of these products prepare for the possible exploitation of security flaws. However, it is necessary to stay alert, as threat actors can […]
For almost five years, SecureList researchers reported the identification of an Advanced Persistent Threat (APT) group apparently linked to the infamous Lazarus Group and, unlike other similar groups, with obvious financial motivations, as seen during Bangladesh Central Bank attack back in 2016. Dubbed as BlueNoroff, this group had a huge malicious arsenal, including malware variants, […]
For various reasons, during the most recent months multiple illegal platforms on the dark web dedicated to the sale of stolen confidential information, drug trafficking, arms sales and other illicit practices have definitively stopped their operations, leaving behind dozens or hundreds of sellers and customers in total uncertainty, in addition to generating enormous doubts among […]
The European Space Agency (ESA) has announced a new program that expects to engage the cybersecurity community to keep critical space systems protected against potential security threats. This special event will take place during the annual Cysec conference, to be held next April. At this event, participants will have the opportunity to conduct security tests […]
In its latest security alert, the Federal Bureau of Investigation (FBI) warns U.S. citizens that those who have shared their phone numbers online could be affected by a Google Voice authentication scam. According to the Agency, hackers search for active phone numbers in all possible sources, including social networks, sales platforms and job boards. Google […]
Ghana’s National Service Secretariate – NSS – exposed 55GB worth of citizens’ data when an AWS S3 bucket used by the Secretariate suffered misconfiguration. VPNMentor’s cybersecurity researchers Noam Rotem and Ran Locar reported that Ghana’s National Service Secretariate – NSS – suffered a massive database misconfiguration that exposed data of up to 700,000 citizens from across […]
Walk-through metal detectors manufactured by well-known U.S.-based firm Garett are vulnerable to remote attacks, according to Cisco Talos. Researchers at Cisco Talos discovered as many as nine vulnerabilities in walk-through metal detectors manufactured by well-known U.S.-based firm Garett. According to researchers, if these flaws are exploited, the attacker can take the detectors offline, monitor, read, and modify […]
The patch was issued for CVE-2021-40444 to prevent the execution of code that downloaded the Microsoft Cabinet (CAB) archive containing a malicious executable. Sophos Labs researchers have shared their findings over how attackers used a novel exploit to bypass a patch for a crucial vulnerability impacting the Microsoft Office file format. Researchers revealed that the […]
The clients affected by the incident involving a misconfigured Amazon S3 bucket include Global 500 company Ericsson and Fortune 500 company Cisco. IT security researchers at Website Planet Security Team discovered a misconfigured Amazon S3 bucket that was owned by D.W. Morgan, a supply chain management and logistics giant D.W. Morgan. The company is headquartered […]
One of the users who received an email alert from LastPass stated that it warned them of an unauthorized login attempt using their account’s master password. LastPass password manager users were shocked when they received alerts about their accounts getting compromised during a hack attack. The company released a statement on December 28th stating that […]
According to Max Weinbach of Android Police, “Samsung is hosting literal malware on the Galaxy Store.” It is becoming harder and harder to evade online scams, especially those involving Android applications. According to an analysis from Android Police’s Max Weinbach, Samsung is hosting several infected Android apps on its official Galaxy Store that may insert […]
The IT security researchers at Google have declared the NSO zero-click iMessage exploit as “Terrifying.” Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new exploit developed by the NSO Group that allows users (high-profile clients) of its software to access any iPhone and install spyware even when the victim […]