Cyber threats

Profitable companies targeted by cybercriminals: risks and impacts of cybercrime
Analysis by the American Enterprise Institute reveals how large companies with significant financial resources are preferred targets for cyber attacks, with serious economic repercussions on the entire...
Research by the American Enterprise Institute (AEI) think tank has shown that cybercriminals tend to attack highly profitable companies with abundant cash reserves and which invest generously in advertising. Analysis of cyber attacks from January 1999 to January 2022 suggests that cyber threat actors...

Volt Typhoon: the emerging Chinese cyber-espionage threat
Detailed analysis reveals advanced hacking techniques used by Volt Typhoon, a new Chinese cyber-espionage group, also known as Vanguard Panda
A new Chinese state actor in the cyber warfare landscape, known as Volt Typhoon, has been recently discovered and has been active since 2020. This group of hackers has shown unprecedented operational techniques to maintain remote access to its targets. The findings come from CrowdStrike, which keeps...

Cyber security: six new vulnerabilities in the US Agency catalog
Apple, VMware and Zyxel involved: CISA's list of known and exploited vulnerabilities is updated with six new flaws highlighted by cyber espionage activities
The US Information Security and Infrastructure Security Agency (CISA) recently updated its catalog of Known and Exploited Vulnerabilities (KEV), including six new flaws. The decision was made based on evidence of active exploitation of the vulnerabilities. Three Apple vulnerabilities, two in VMware and...

Financial scam: courier companies in the crosshairs
New online threat: Zerodha CEO reveals alarming fraud exploiting FedEx and Blue Dart names
Financial fraud, increasingly sophisticated in the age of the pervasive internet, has become a regular phenomenon. The latest in chronological order involves courier companies, with a scam that is rapidly spreading.
Under the name of FedEx: a worrying example from the CEO of Zerodha
Nithin Kamath, co-founder...

Firmware backdoor discovered in Gigabyte motherboards: what to do to protect data
The security risk to your personal data is high: here's what to do to prevent unauthorized access
A firmware backdoor has been discovered in several motherboards manufactured by Gigabyte, one of the world's largest manufacturers. The firmware backdoor would be present on 271 motherboard models, including the most used ones for high-end gaming PCs from the Aorus and Gaming brands. PCs that use these...

MULTI#STORM: new phishing attack targets India and the United States
Sophisticated cyber attack using JavaScript files exploits RATs like Warzone and Quasar to compromise digital systems, creating pitfalls for unwitting users
A recent phishing campaign, identified as MULTI#STORM, has launched a targeted attack on India and the United States. Using JavaScript files, the attack aims to introduce remote access Trojans into compromised systems. Securonix researchers, including Den Iuzvyk, Tim Peck, and Oleg Kolesnikov, noted...

Russian hackers attack Ukrainian infrastructure: Roundcube software is the target
Russian APT group exploits open-source webmail vulnerabilities to infiltrate Ukrainian government and military entities
A well-known Advanced Persistent Attack (APT) group, linked to the Russian government, has been discovered exploiting security vulnerabilities in the open-source email software Roundcube to spy on organizations in Ukraine. These include government institutions and military entities involved in aviation...

Diicot cybercriminals unleashing a new wave of DDoS attacks
Romanian threat actor Diicot exhibits enhanced capabilities and diversified attack strategies, posing significant cybersecurity concerns
In the realm of cybersecurity, researchers have unearthed some new payloads that have not been recorded before, tied to a Romanian cyber threat group referred to as Diicot. This group is suspected to be capable of initiating distributed denial-of-service (DDoS) attacks. The name Diicot carries significant...

Mystic Stealer - the new emerging cyberthreat
Sophisticated malware for rent on hacking forums and the darknet, with worrying impact on browsers, cryptocurrencies and password managers
Since April 2023, an emerging malware called Mystic Stealer has been rapidly spreading among the cybercriminal community. This malicious software is offered for rent for $150 a month on darknet hidden markets and hacking forums. Its victims include 40 web browsers, 70 browser extensions, 21 cryptocurrency...

Safe surfing in the sea of telecommuting: 10 key cyberthreats
Discover the most frequent risks of remote working to protect your data and keep your digital security barrier strong
With the rise of remote working, catalysed by the Covid-19 pandemic, cybersecurity has become critical for businesses. While telecommuting offers work flexibility and cost savings, it also introduces a number of cybersecurity risks that need to be addressed. In this article, we'll explore the 10 most...

Misinformation and cybersecurity: the dark connection
Deciphering the role of disinformation in cybersecurity threats and social engineering
The global landscape is increasingly subject to the phenomenon of disinformation, which has caused many discussions over the years. Prominent politicians, such as Donald Trump with his constant claims of "fake news" or Vladimir Putin with his provocative rhetorical style, have fueled this issue. Furthermore,...

Diicot: from cryptojacking to DDoS attacks
Romanian threat group extends its capabilities: new attack strategy details and defense advice
Cybersecurity researchers have identified previously undocumented workloads linked to Diicot, a Romanian threat group, highlighting the group's potential to launch Distributed Denial of Service (DDoS) attacks. The name Diicot has a certain relevance, as it coincides with the name of the Romanian police...

Innovation in cybercrime in the post-pandemic era
Attackers adapt to new technological realities: from the decay of Office macros to the rise of multi-factor authentication bypass and cloud threats
As COVID-19-related medical and economic measures have eased, attackers have had to reinvent themselves to find new ways to make money, honing their social engineering skills, commodifying once-sophisticated attacking techniques, and creatively seeking new opportunities in unexpected. In 2022, the cyber-attack...

Boom of SMS scams: 330 million dollars lost in the last year alone
FTC report shows a worrying increase in message scams: FBI and cybersecurity experts share tips on how to recognize and prevent them
The report released last week by the Federal Trade Commission (FTC) reveals a disturbing reality: SMS scams have caused economic damage in excess of $330 million in the last year alone. This figure marks a notable increase from the previous year's 131 million and the 86 million recorded in 2020.
Smishing:...

Fraudulent GitHub intrusion: fake accounts spread malware
A network of fake researchers is using GitHub to spread malicious code masquerading as proofs of concept for unknown vulnerabilities
Several fake GitHub accounts associated with a fraudulent cybersecurity firm have been spotted spreading malicious repositories on the code hosting service. Seven of these repositories, still accessible at the time of writing, pose as test exploits (PoCs) for alleged zero-day vulnerabilities in Discord,...

BatCloak: the new malware invisible to antiviruses
In the digital criminal underground, BatCloak emerges as an essential tool for obfuscating malicious code
Since September 2022, a new malware named BatCloak has attracted the attention of cybercriminals for its advanced obfuscation features, making it virtually undetectable by traditional antivirus solutions. BatCloak is distinguished by its ability to transform malicious code into "evasive" versions, making...

Dark Frost Botnet: the silent threat behind gaming industry disruptions
Unmasking the perpetrator behind the threat: a comprehensive dissection of its devastating structure, goals, and capabilities
Unusual activity from a specific application piqued the interest of the Akamai company, prompting them to investigate. Noticing a series of unusual HTTP requests and binaries labeled "roof", Akamai began technical analysis. While initial scans using various third-party tools failed to reveal any nefarious...

The US fears Chinese attacks on critical infrastructure
In a climate of growing tension, US authorities predict potential sabotage of their infrastructure by Chinese hackers
A senior US cybersecurity official on Monday expressed concern about the likelihood that Chinese hackers could disrupt critical US infrastructure, such as pipelines and railroads, in the event of a conflict with the United States. In a speech at the Aspen Institute in Washington, the Director of the...

New Spectralviper backdoor used in an attack against Vietnamese public companies
Using open source projects as a malware customization strategy
A new backdoor named Spectralviper has been used in an attack on Vietnamese public companies. Elastic Security Labs has discovered that it is a previously unknown, highly obscured 64-bit backdoor that provides PE upload and injection, file upload and download, file and directory manipulation, and the...

Microsoft detects multi-stage cyber attacks on banks and financial organizations
New multi-stage phishing and email compromise are among the top threats reported
Microsoft has identified a series of multi-stage phishing and corporate email compromise (BEC) cyber-attacks on banks and financial organizations. The attacks were carried out through a compromised trusted provider and followed up with multiple compromise attacks involving multiple organizations. The...

June 2023 Android security updates: fix critical vulnerability CVE-2022-22706
Fixed a serious vulnerability that put the security of mobile devices at risk
Google has released the Android Security Bulletin for June 2023, which contains fixes for 56 vulnerabilities found in its operating system, across all its versions 11 to 13. Among the 56 vulnerabilities, 5 were classified as critical. Exploiting vulnerabilities can lead to attacks of various nature,...

Stealth Soldier espionage malware strikes in North Africa
Constantly evolving highly targeted and personalized attacks
A new custom backdoor, called the Stealth Soldier, has been used as part of a set of highly targeted espionage attacks in North Africa. Check Point, a cybersecurity firm, stated in a technical report that the Stealth Soldier malware is an undocumented backdoor that mainly operates on surveillance functions,...

Countering the CL0P ransomware group: recommendations from CISA and the FBI
How to defend against cyber attacks: prevention, detection and protection of digital assets in the crosshairs of cybercriminals
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued a series of recommendations with the aim of protecting organizations from possible attacks perpetrated by the CL0P Ransomware Group. On Wednesday, CISA announced new cybersecurity...

The challenge of cybersecurity: defending against AI threats and exploiting their opportunities
In-depth analysis of new threats and innovative strategies of effective proactive defense based on artificial intelligence
Technologies based on artificial intelligence (AI) are rapidly transforming the world, but at the same time, they represent a source of cybersecurity risk. New cyber threats are increasingly sophisticated thanks to the ease of access to tools and methodologies that were unthinkable until recently. Furthermore,...

Illegitimate extensions and the Satacom downloader: a new crypto-stealing malware menace
How the recent malware campaign abuses Chromium-based browsers and targets leading cryptocurrency platforms
A new malicious software operation has been recently identified, utilizing the Satacom downloader as a vehicle to disseminate covert malware, aimed at covertly extracting cryptocurrencies through an illicit extension for Chromium-based web browsers. The primary objective of the virus, delivered through...

Verizon 2023: an explosion of ransomware attacks and cyber threats
Verizon data breaches report highlights rising wave of ransomware attacks, rising related costs, and importance of the human element in security breaches
On Tuesday, Verizon released its 16th Annual Data Breaches Report (DBIR). This report provides organizations with valuable insights from incidents analyzed by its Threat Research and Advisory Center. The DBIR is among the most anticipated reports in the cybersecurity industry, given the analysis of a...

Cyclops ransomware: new threats emerge with data theft capabilities
A sophisticated cybercrime strategy carries out cross-platform attacks, affecting Windows, macOS and Linux with theft of sensitive data
Threats related to Cyclops ransomware have been observed offering malware designed to capture sensitive data from infected hosts. The notorious ransomware is notable for its ability to target all major desktop operating systems, including Windows, macOS, and Linux. It is also designed to terminate any...

Discovered over 30 malicious extensions in the Chrome Web Store
The extensions, used by millions of users, contained malicious code aimed at displaying unsolicited ads and manipulating search results
Recently, security experts identified more than 30 malicious extensions that had infiltrated the Chrome Web Store, possibly infecting millions of users. The discovery was initially made by security researcher Wladimir Palant, who three weeks ago realized that the PDF Toolbox extension for Chrome contained...

New web skimmer attack: Akamai reveals threat to e-commerce sites
Akamai investigation exposes growing harmfulness of e-skimming techniques, putting personal data and credit card information at risk
Akamai, a leading cybersecurity company, has recently detected a sophisticated Magecart-style web skimming campaign targeting the theft of Personally Identifiable Information (PII) and credit card data from e-commerce portals. During the operation, attackers use a combination of evasive strategies including...

From IT outsourcing to hack-for-hire: the new face of India's digital market
How cybermercenaries are revolutionizing India's tech industry, amidst security threats and market opportunities
The global IT outsourcing market has undergone a drastic evolution. Initially, it was dominated by the migration of IT services of American and European multinational companies to Indian companies, thanks to the combination of technical expertise and lower costs. However, with the advent of artificial...

The race for artificial intelligence: Josh Lospinoso's alarm
The cybersecurity expert highlights the threats of AI and the need for security in military and commercial operations
Before founding his current startup, Shift5, which works with the US military, railway operators and airlines such as JetBlue, Josh Lospinoso had already created a cybersecurity startup that was purchased in 2017 by Raytheon/Forcepoint. A former Army captain and 2009 West Point graduate, Lospinoso spent...

SQL injection vulnerability affects MOVEit Transfer: A security appeal
Progress Software confirms a serious risk for organizations. Researchers and security professionals investigate the impact of the incident
The Progress Software company recently updated a security advisory confirming the existence of a SQL Injection vulnerability in the MOVEit Transfer web application. Although a CVE number has not yet been assigned, this vulnerability could allow an unauthenticated attacker to gain unauthorized access...

The growing threat of cyberattacks in the automotive sector
Modern vehicle technologies accentuate vulnerability to cyber risks, creating urgent safety challenges in the future of motoring
In the digital age, vehicles, especially those with sophisticated electronic systems, are becoming increasingly exposed to the risks of cyber attacks. The threat is not just limited to electric cars, but also extends to modern sedans and utility vehicles, which are capable of being hacked. This danger...

5G networks: discover the risks and how to mitigate them
From slow 5G deployment to cybersecurity challenges, we explore the 5G landscape and offer strategies to protect your devices
The introduction of 5G networks has proved to be a slower process than expected. Although the concept was unveiled in 2016, its global availability was only achieved in 2019. Four years later, the share of the population with 5G-enabled devices remains low in most countries. It is unclear whether the...

Critical flaw discovered in the ReportLab Toolkit: remote code execution risk
An exploit for a ReportLab vulnerability, used to generate PDFs from HTML, puts millions of users at risk. A security update is available
A researcher has revealed a hands-on experiment of a flaw that allows remote code execution, known as RCE, that affects the ReportLab Toolkit. This tool, a Python library widely used by many projects to convert HTML files to PDF, has a monthly download volume of about 3.5 million on the PyPI (Python...

Critical flaws revealed in Sonos One speakers
Cybersecurity specialists have exposed flaws that allow remote code execution and the disclosure of sensitive data
The Zero Day Initiative (ZDI) revealed a number of security issues surrounding Sonos One wireless speakers in its latest report last week. These flaws could be exploited to achieve disclosure of sensitive information and remote code execution.
Details of the vulnerabilities discovered in the Pwn2Own hacking...

Expanding cyber threat: GobRAT targets Linux routers in Japan
Attack detected by JPCERT Coordination Center compromises router security, obfuscating malware as Apache process and establishing dangerous remote access
The cybersecurity world has recently been rocked by a new remote access trojan, written in Golang and known as GobRAT. This insidious software targets Linux routers in Japan, and its initial attack strategy involves locating a router whose WEBUI is freely accessible to the public. The trojan then exploits...

Security issue in the WordPress Gravity Forms plugin
More than 930,000 websites could be exposed to security risks due to unauthenticated injection of PHP objects in the popular plugin
The popular WordPress plugin "Gravity Forms", currently used by over 930,000 websites, is vulnerable to unauthenticated PHP object injection. "Gravity Forms" is a customizable form-building tool used by website owners to make payments, registrations, file uploads, or any other forms needed for visitor-site...

Zyxel fixes major vulnerability in home NAS devices
Users are advised to update their systems immediately to avoid potential cyber-attacks
Zyxel, a company renowned for the production of network connected storage devices (NAS) for home use, has solved a significant security problem. The vulnerability, named CVE-2023-27988, was a high-severity security risk involving authenticated command injection. This security issue was seen in the device...

SpinOk spyware found in over 100 Android apps with 421 million downloads
Malicious software, identified by Doctor Web, steals data and interacts with users through bogus games and prizes, endangering privacy
The antivirus company, Doctor Web, has detected spy software in more than 100 Android applications. These applications have amassed over 421 million downloads on Google Play. The malicious entity, dubbed 'SpinOk' by Doctor Web, comes in the form of a marketing SDK.
SpinOk hidden features and user interaction...

Virtual assistants: from protagonists to pop-ups on the stage of artificial intelligence
A worrying stasis as modern artificial intelligence advances by leaps and bounds
In recent years, the roar of tech giants like Google and Amazon has resounded in every corner of the planet, thanks to well-known personalities: Google Assistant and Alexa. These virtual assistants have invaded our homes, promising to revolutionize our daily lives with a simple voice command. But the...

Cyber security emergency: checkmate in the Dallas court
Brazos county responds to cyberattacks: from dramatic consequences to building a strong defense line
Cyber attacks undermine the security of vital data, which can cause dramatic consequences. A case in point occurred recently in the United States, when the Dallas Municipal Courthouse became the target of such an attack. The result was catastrophic: the building was closed for nearly a month. This incident...

Generative AI abuse: a growing threat to online security
ActiveFence report reveals how generative AI is being used for child abuse material production, disinformation propagation and extremism
Malevolent actors are abusing Generative Artificial Intelligence (AI) to commit child sexual abuse (CSAM), disinformation, fraud and extremism, says ActiveFence. According to Noam Schwartz, CEO and founder of ActiveFence, "The explosion of generative AI has far-reaching implications for all corners of...

DogeRAT: the new open source danger for Android
Warning to users: sophisticated malware sneaks through supposedly safe applications, with India as the main target
In a sophisticated malware campaign, DogeRAT, a new open source Remote Access Trojan (RAT), is primarily targeting Android users in India. This malware is distributed through social media and messenger platforms, masquerading as legitimate applications such as Opera Mini, OpenAI ChatGPT and premium versions...

Spain's plan to curb encryption sparks controversy: an in-depth look at global cybersecurity issues
From Meta's record GDPR fine to allegations against NSO Group's Pegasus spyware
In a document recently exposed, it was unveiled that Spanish officials are looking to impose restrictions on end-to-end encryption across the European Union. This came to light as part of a wider European investigation concerning proposals to scrutinize private messages for material related to child...

Innovative phishing approach exploits browser-based file archiving
The latest cybercrime method mirrors genuine file archiving software within web browsers, capitalizing on new top-level domains and raising cybersecurity concerns
An innovative phishing approach named "browser-based file archiving" offers a way to impersonate file archiving software, like WinRAR, in a web browser, occurring when a victim lands on a .ZIP website. Revealed by security researcher mr.d0x, the tactic involves making use of a .zip website to present...

Cyber attacks halved in one year
Medical device alert: let's not let our guard down
Cyber attacks in Italy are declining in early 2023. However, the risk associated with medical devices is increasing. Exprivia reports this. The IT consulting firm has seen a 50% drop in cyberattacks over the previous year. But despite this positive data, experts warn that we must not let our guard down. In...

IT security: growing attacks and new protection plans
Cyberattacks up 7% globally and new plans to protect against ransomware
The rise of cyberattacks on a global scale is a worrying phenomenon, with ransomware continuing to be the main threat to the public. That's the conclusion that emerged from the latest report published by Check Point Research, a company specializing in information security. According to analysts, during...