News Blog
[ad_1] Dec 14, 2023NewsroomVulnerability / Data Breach A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. “GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable…
[ad_1] Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been tied to a nation-state group known as APT29, which is also tracked as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. It’s notable for…
[ad_1] Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making. This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining…
[ad_1] Dec 14, 2023NewsroomMalware / Cyber Espionage The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of…
[ad_1] Dec 14, 2023NewsroomMalware / Threat Analysis A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi. The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it’s implemented in the C++ programming language unlike…
[ad_1] Dec 14, 2023NewsroomMalware / Supply Chain Attack Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. “In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple…
[ad_1] Dec 15, 2023NewsroomBlockchain / Internet of Things A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. “The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with…
[ad_1] Dec 15, 2023NewsroomPrivacy / User Tracking Google on Thursday announced that it will start testing a new feature called “Tracking Protection” beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit “cross-site tracking by restricting website…
[ad_1] Dec 15, 2023NewsroomVulnerability / Software Security Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings…
[ad_1] Dec 26, 2023NewsroomMalware / Cybercrime The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. “The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness,” cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. “Carbanak…