Technology

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. “Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems Read More »

Scribe Platform: End-to-end Software Supply Chain Security

As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions – not only do they anticipate the continued expansion of attack surfaces in the

Scribe Platform: End-to-end Software Supply Chain Security Read More »

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD),

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware Read More »

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. “An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections,” industrial cybersecurity

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys Read More »

64,000 Additional Patients Impacted by Omnicell Data Breach – What is Your Data Breach Action Plan?

In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000.  Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can

64,000 Additional Patients Impacted by Omnicell Data Breach – What is Your Data Breach Action Plan? Read More »

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. “Passkeys are a significantly safer replacement for passwords and other phishable authentication factors,” the tech giant said. “They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks.” The feature was first

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome Read More »

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug Read More »

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. “This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals Read More »

The Latest Funding News and What it Means for Cyber Security in 2023

The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure

The Latest Funding News and What it Means for Cyber Security in 2023 Read More »

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. “A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox Read More »

Scroll to Top