New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the securitySource...

Continuar lendo

Hackers Using Website’s Contact Forms to Deliver IcedID Malware

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to reviewSource...

Continuar lendo

BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firmSource...

Continuar lendo

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believedSource...

Continuar lendo

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulledSource...

Continuar lendo

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, AppleSource...

Continuar lendo

What Does It Take To Be a Cybersecurity Researcher?

Behind the strategies and solutions needed to counter today's cyber threats are—dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys.  But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts fromSource...

Continuar lendo

Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting usersSource...

Continuar lendo

Alert — There’s A New Malware Out There Snatching Users’ Passwords

A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It wasSource...

Continuar lendo

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, thisSource...

Continuar lendo