Technology

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. “Further, Kimsuky’s objective extends to the theft of subscription credentials from NK News,” cybersecurity firm SentinelOne said in a report shared with The

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents’ knowledge or consent. “Our proposed order makes it easier for parents to protect

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them. “Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company said in an update, adding its “remediation recommendation at this time is full replacement of

Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data. This industry’s landscape is

An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. “PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption,” according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. “The name is derived from the tool,

Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. “The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue,” Bitdefender

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. “The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim’s account by performing web injections into targeted cryptocurrency

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with

Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to

Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that’s designed to capture sensitive data from infected hosts. “The threat actor behind this [ransomware-as-a-service] promotes its offering on forums,” Uptycs said in a new report. “There it requests a share of profits from those engaging in malicious activities using its malware.”