Technology

Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It’s easy to see why you would assume that a directive from CISA just doesn’t relate to your organization. But, in the instance of the latest CISA directive, that would […]

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes’ latest findings go into detail about the new tactics and tools adopted by the APT group

The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho’s ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue relates to an unauthenticated, remote code

A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other

Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims’ bank accounts. Unlike other variants of banking malware that bank of overlay attacks to capture sensitive

The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization’s visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today’s open ecosystem

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. “All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB

Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. “These people are at the center of critical communities for public debate,”

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. “RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and