Technology

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors,

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created

Report to Your Management with the Definitive ‘Incident Response for Management’ Presentation Template

Security incidents occur. It’s not a matter of ‘if’ but of ‘when.’ There are security products and procedures that were implemented to optimize the IR process, so from the ‘security-professional’ angle, things are taken care of. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process

Magecart Hackers Now Hide PHP-Based Backdoor In Website Favicons

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. “These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards

Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web in what’s the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. “A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world,” said Anne An,

Can Data Protection Systems Prevent Data At Rest Leakage?

Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions. What’s the best

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

Three design and multiple implementation flaws have been disclosed in the IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called FragAttacks (short for FRagmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi

Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. “The negotiations reached a dead end, the amount we were offered does not suit us,

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are
