Information Security, Malware, Phishing and Technology

Information Security News headlines trending on Google

CyberSecurity Insiders

MAY 4, 2023

First is regarding a ‘Rapid Security Update’ that is being issued by Apple Inc to all iOS devices and applies to iPads and macOS. The technology giant confirmed that the update is a necessity and can be automatically updated as well, if the settings are tweaked.

Information Security

Information Security Healthcare Social Engineering Ransomware

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Security Affairs

JUNE 7, 2024

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync. ” reads the report from the CERT-UA.

Malware

Malware Cyber threats Cyber Attacks Software

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense.

Phishing

Phishing Identity Theft Scams Malware

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. — Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021.

Phishing

Phishing Banking Passwords Firewall

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware

Malware Phishing Passwords Media

What Is Residual Risk in Information Security?

Heimadal Security

APRIL 7, 2021

Cyberattacks have been happening for decades, but as we have become more dependent on digital technology and infrastructure and therefore create more value in […]. The post What Is Residual Risk in Information Security? appeared first on Heimdal Security Blog.

Information Security

Information Security Risk Cyber Attacks Technology

Threat actors leverage Microsoft Teams to spread malware

Security Affairs

FEBRUARY 17, 2022

Once an attacker obtained Microsoft 365 credentials, for example from a previous phishing campaign or data breach, that can access Teams and other Office applications. Once the attackers have gained access to an organization, they can determine defense solutions that are installed and use the proper malware to bypass existing protections. .

Malware

Malware Phishing Accountability Data breaches

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

NOVEMBER 20, 2023

The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT threat actor with strong technical and learning ability, who is good at integrating various popular APT attack technologies into its attack process.

Phishing

Phishing Financial Services Cryptocurrency Technology

Data Philosophy and Technology Combine for Better Endpoint Security

Security Boulevard

DECEMBER 29, 2022

When Ackoff wrote his article, computing technology was at the cusp of data and information. With the advent of advanced tools like big data analytics and artificial intelligence, one might make a bold statement that today, computing technology straddles the gap between information and knowledge. Ackoff, R.

Technology

Technology Artificial Intelligence Internet Internet

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Security Affairs

MAY 28, 2021

The NOBELIUM APT is the threat actor that conducted supply chain attack against SolarWinds which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors. ” continues the report. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Threat Detection Telecommunications Malware

Charities and NGOs providing support in Ukraine hit by malware

Security Affairs

MARCH 6, 2022

Malware based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine. Charities and non-governmental organizations (NGOs) that in these weeks are providing support in Ukraine are targeted by malware attacks aiming to disrupt their operations. ” reads the post published by Amazon.

Malware

Malware Phishing Hacking Government

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

MARCH 14, 2024

“The phishing campaign employed open redirect URLs from Google Ad technologies to distribute fake Microsoft software installers (.MSI) “The fake installers contained a sideloaded DLL file that decrypted and infected users with a DarkGate malware payload.” MSI) installers. In mid-February, U.S.

Phishing

Phishing Malware Software Internet

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts.

Engineering

Engineering Phishing Malware Hacking

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Downloaders , intended for the installation of additional malware,and backdoors , granting cybercriminals remote access to victims’ computers, also made it to top-3.

Phishing

Phishing Ransomware Spyware Banking

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Nation-state actors are using AI services and LLMs for cyberattacks

Security Affairs

FEBRUARY 14, 2024

.” The researchers pointed out that at this time the attackers have yet to use LLMs to devise novel attacks, malicious use of LLMs observed by the researchers include: LLM-informed reconnaissance: Employing LLMs to gather actionable intelligence on technologies and potential vulnerabilities.

Social Engineering

Social Engineering Artificial Intelligence Phishing Engineering

Updated MATA attacks industrial companies in Eastern Europe

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser.

Malware

Malware Phishing Internet Internet

Croatia government agencies targeted with news SilentTrinity malware

Security Affairs

JULY 7, 2019

Croatia government agencies have been targeted by unknown hackers with a new piece of malware tracked as SilentTrinity. A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. ” reads one of the alerts.

Government

Government Malware Computers and Electronics Advertising

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

DECEMBER 17, 2023

Threat actors launched a phishing attack against a former employee obtaining his credentials and access to the Ledger’s NPMJS account. that included a crypto drainer malware. Ledger’s technology and security teams were alerted and a fix was deployed within 40 minutes of Ledger becoming aware.” and 1.1.7).”

Phishing

Phishing Accountability Malware Authentication

FraudGPT, a new malicious generative AI tool appears in the threat landscape

Security Affairs

JULY 26, 2023

According to Netenrich, this generative AI bot was trained for offensive purposes, such as creating spear phishing emails, conducting BEC attacks, cracking tools, and carding. The author claims that FraudGPT can develop undetectable malware and find vulnerabilities in targeted platforms. ” concludes the report.

Artificial Intelligence

Artificial Intelligence Cybercrime Phishing Advertising

NFL Teams Up with Cisco to Secure Super Bowl LVI

Cisco Security

FEBRUARY 15, 2022

Cisco helped the NFL achieve a strong, continuously available and protected Super Bowl enterprise network through a mix of cloud and on-premises security technology, up-to-the-minute threat intelligence, and some of the industry’s most talented cybersecurity professionals. Integrated technology and intelligence .

Firewall

Firewall Technology Malware Network Security

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

The Last Watchdog

NOVEMBER 28, 2023

The study, conducted by independent research firm Propeller Insights, dives into how IT business leaders feel about their security posture in a world where the technologies they embrace to grow and thrive are also vulnerable to constant and increasing threats. Human error is among the top causes of security breaches.

Cyber Risk

Cyber Risk Risk B2B Social Engineering

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Security Affairs

AUGUST 17, 2023

Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries. ” concludes the report.

Phishing

Phishing Small Business Malware Government

Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware

Security Boulevard

APRIL 10, 2022

Plus, details on a new attack using fake shopping apps and how a new malware toolkit called “Borat RAT” is […]. The post Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware appeared first on The Shared Security Show.

Malware

Malware Social Engineering Scams Engineering

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

And when malware, ransomware, or other cyber threats get in the way, the focus shifts from forward progress to focused co-operation. A security strategy should clear obstacles and enable every part of a business operation to run smoothly. Business initiatives demand faster, more efficient outcomes and technology responds.

Risk

Risk Cybersecurity Technology CISO

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware

Spyware Hacking Malware Social Engineering

WormGPT, the generative AI tool to launch sophisticated BEC attacks

Security Affairs

JULY 16, 2023

WormGPT is advertised on underground forums as a perfect tool to carry out sophisticated phishing campaigns and business email compromise (BEC) attacks. Bard imposes almost no restrictions on the creation of phishing emails, leaving room for potential misuse and exploitation of this technology. ” concludes the report.

Artificial Intelligence

Artificial Intelligence Cybercrime Phishing Technology

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

ENISA: Ransomware became a prominent threat against the transport sector in 2022

Security Affairs

MARCH 22, 2023

During the period covered by the report, the expert identified the following prime threats: ransomware attacks (38%), data related threats (30%), malware (17%), denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks (16%), phishing / spear phishing (10%), supply-chain attacks (10%).

Ransomware

Ransomware DDOS Cyber threats Phishing

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. APT32 also carried out watering hole attacks through compromised websites or their own sites.

Retail

Retail Malware Mobile Accountability

China-linked Space Pirates APT targets the Russian aerospace industry

Security Affairs

MAY 19, 2022

A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The attacks were first discovered by researchers at Positive Technologies in 2019, the phishing messages contained a link to previously undetected malware.

Malware

Malware Phishing Government Hacking

UAC-0142 APT targets Ukraine’s Delta military intelligence program

Security Affairs

DECEMBER 20, 2022

Ukraine’s CERT-UA revealed the national Delta military intelligence program has been targeted with a malware-based attack. The spear phishing messages were sent from a compromised e-mail address belonging to an employee of the Ministry of Defense, as well as messengers. . ” states the Ukrainian military.

Malware

Malware Internet Internet Technology

Defending Against the Threats to Our Security

SecureWorld News

JULY 3, 2023

As we rely increasingly on digital technologies for our work, communication, entertainment, and education, we also expose ourselves to more and more cyber risks. Cyberattacks can devastate individuals, businesses, and even nations, affecting our privacy, security, and economy. Phishing emails are more common than you know.

Cybercrime

Cybercrime Social Engineering Data breaches Education

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors. ” states Microsoft.

Telecommunications

Telecommunications Technology Hacking Malware

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation. Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK.

Ransomware

Ransomware Malware Telecommunications Advertising

Smart TV Scams: How to Avoid the Growing Threat

Identity IQ

SEPTEMBER 21, 2023

But like we’ve seen with other groundbreaking technology that, on the surface, appears to make our lives better, there can be a dark side. Granting access can lead to the installation of malware on the TV, which can compromise sensitive personal information. Remote access. Gift card payments.

Scams

Scams Identity Theft Phishing Software

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. Why should employers educate employees about cyber security? This method was identified as vishing – a voice-based phishing attack.

Social Engineering

Social Engineering Ransomware Engineering Phishing

School district IT leaders grade their handling of past malware attacks

SC Magazine

MARCH 15, 2021

The school districts of Rockford, Illinois and Rockingham County, North Carolina learned some very valuable lessons in transparency and communication, timely incident response, access management, data redundancy and disaster recovery after each experienced a debilitating malware attack years ago. Rockingham County, North Carolina.

Malware

Malware Backups Education Ransomware

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

Emerging threats Cybercrime often exploits precisely the lack of regulation and centralized controls of cryptocurrencies to deceive investors and embezzle funds through various forms of phishing, investment scams, digital wallet theft, ransomware, and illegal mining. Education improves awareness” is his slogan.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” ” states the alert.

Ransomware

Ransomware Hacking Malware Encryption

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

For several years, Cisco Secure provided DNS visibility and architecture intelligence with Cisco Umbrella and Cisco Umbrella Investigate ; and automated malware analysis and threat intelligence with Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX. Cisco Technologies.

DNS

DNS Firewall Phishing Mobile

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. In addition, the likelihood of the data being used for phishing and social engineering increases. . Malware-as-a-service: a greater number of cookie-cutter attacks, more complex tools.

Media

Media Social Engineering Ransomware Hacking

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. . ” reads the joint report. The US government operation blocked access to the routers by Russian cyberspies.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs

DECEMBER 6, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors.

Phishing

Phishing Telecommunications Government Accountability

Information Security News headlines trending on Google

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Trending Sources

Unmasking 2024’s Email Security Landscape

HTML Smuggling technique used in phishing and malspam campaigns

China-linked BlackTech APT uses new Flagpro malware in recent attacks

What Is Residual Risk in Information Security?

Threat actors leverage Microsoft Teams to spread malware

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Data Philosophy and Technology Combine for Better Endpoint Security

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Charities and NGOs providing support in Ukraine hit by malware

Recent DarkGate campaign exploited Microsoft Windows zero-day

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Nation-state actors are using AI services and LLMs for cyberattacks

Updated MATA attacks industrial companies in Eastern Europe

Croatia government agencies targeted with news SilentTrinity malware

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

FraudGPT, a new malicious generative AI tool appears in the threat landscape

NFL Teams Up with Cisco to Secure Super Bowl LVI

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

WormGPT, the generative AI tool to launch sophisticated BEC attacks

Google TAG warns of Russia-linked APT groups targeting Ukraine

ENISA: Ransomware became a prominent threat against the transport sector in 2022

Facebook links cyberespionage group APT32 to Vietnamese IT firm

China-linked Space Pirates APT targets the Russian aerospace industry

UAC-0142 APT targets Ukraine’s Delta military intelligence program

Defending Against the Threats to Our Security

Russia-linked Nobelium APT targets orgs in the global IT supply chain

FIN11 gang started deploying ransomware to monetize its operations

Smart TV Scams: How to Avoid the Growing Threat

Ransomware realities in 2023: one employee mistake can cost a company millions

School district IT leaders grade their handling of past malware attacks

Cryptocurrencies and cybercrime: A critical intermingling

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Black Hat USA 2021 Network Operations Center

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Nobelium APT targets French orgs, French ANSSI agency warns

Stay Connected