
Cyber threats

The dark side of ChatGPT: risks and implications for IT security
How ChatGPT can be exploited to put computer security at risk
ChatGPT, while useful, also presents various security risks. Its capabilities can be exploited by cybercriminals to create phishing messages and generate malicious code, including malware and ransomware. Furthermore, it can inadvertently aid in identifying vulnerabilities for exploitation. As it's accessible...

The rapid expansion of attacks with BlackByte 2.0 ransomware
The incisive techniques used in BlackByte 2.0 ransomware and the proposed defensive strategies
The article discusses the increasing threat of BlackByte 2.0 ransomware attacks. This rapid and potent type of cyberattack can breach and download significant data within 5 days. Attackers exploit weaknesses in Microsoft Exchange servers and use advanced tools like web shells and Cobalt Strike beacons...

Implications of fileless attacks: a detailed analysis
Decode fileless attack techniques and effective defense strategies
The article discusses 'fileless attacks', a new type of cyber threat that does not deliver malicious files but compromises applications and scripts on target systems. They use system tools like PowerShell, WMI, and Office document macros for infiltration and operate directly in a system's memory, leaving...

CISA warns: "hackers exploit known vulnerability in Netwrix Auditor software"
Insight into the cyber response to the imminent danger of the Netwrix Auditor breach
The US Cybersecurity Agency, CISA, has warned that cybercriminals are exploiting a known vulnerability in Netwrix Auditor software to spread Truebot malware across US and Canadian organizations. This loophole, discovered a year ago, can enable hackers to infiltrate an entire Active Directory domain....

Rise of cyber attacks: digital India on the frontline
As India accelerates its digital transformation to become a global player, cyber security emerges as an urgent challenge
The rapid digitization of industries in India has led to an increase in cyber-attacks, causing significant impacts on businesses including production halts and revenue losses. Many companies had neglected cybersecurity but following the rise in attacks, there's a growing demand for preventative security...

Electric vehicle charging stations: new target for hackers
As the electric car industry grows, new challenges emerge: the safety of charging stations becomes a pressing issue
The increase in electric vehicle usage is causing new security issues, notably hacking of charging stations. Cybersecurity experts warn these hacks could access personal data or manipulate the power supply, causing grid instabilities. Responsibility for security lies primarily with station manufacturers,...

DDoSia evolves: new version threatens global cybersecurity
Upgraded DDoSia attack tool obscures targets, expands reach, and heightens the cyber threat landscape across multiple nations and industries
The DDoSia attack tool, linked to a pro-Russian hacker group, has been updated to fetch a concealed list of target websites from command servers, escalating cybersecurity threats. Originally designed for distributed-denial-of-service attacks, DDoSia's victims are increasingly broad and global. The tool's...

Fight against cybercrime: urgent for family offices
New digital threats emerge: How family offices can weather the wave of cyber attacks and protect their assets
In the digital age we live in, just opening an internet browser can expose us to security risks. For family offices, which manage large estates, this vulnerability can be even more insidious. According to Boston Private, 26% of these offices have suffered a cyberattack, and for nearly two-thirds of them,...

Creepy evolution: Rustbucket malware updates
Security experts discover a new variant of Rustbucket malware for macOS, which stands out for its sophisticated persistence and ability to evade security measures
In a recent revelation, researchers have unveiled an enhanced version of an Apple macOS malware named Rustbucket. This upgraded variant exhibits superior capabilities that strengthen its persistence on infected systems and allow it to evade detection by security tools. The Rustbucket malware family,...

The rise of Midnight Blizzard's cyber attacks: Microsoft alerts
A dramatic increase in intrusions conducted by the Russian hacker group is reported; the techniques used become increasingly sophisticated and disguised
Microsoft has revealed a dramatic increase in credential-stealing attacks perpetrated by the state-affiliated Russian hacker group known as the Midnight Blizzard. These attacks use residential proxy services to mask the source IP address, targeting governments, IT service providers, NGOs, defense sectors...

Global attack on mobile banking: Anatsa trojan infects Google Play
Sophisticated malware aims to steal sensitive data from more than 600 banking applications via malicious droppers on Google Play
Android users in at least five countries have been targeted by the Anatsa banking trojan through malicious vaults uploaded to Google Play. This alarming news was reported by ThreatFabric, a company that specializes in detecting computer threats. The identified repositories, which have achieved over 30,000...

Cyber scam alert: WhatsApp Pink threatens Android users
Mumbai Police Issue Emergency Alert Against Dangerous WhatsApp Pink Scam: Here's How To Protect Yourself
Mumbai Police has issued a red alert notice for Android users who have downloaded WhatsApp Pink, warning of the potential repercussions of this scam.
Scam emergency: Mumbai issues red alert for WhatsApp Pink
In a new wave of fraudulent activity, the Mumbai Police recently issued a red alert for Android...

Profitable companies targeted by cybercriminals: risks and impacts of cybercrime
Analysis by the American Enterprise Institute reveals how large companies with significant financial resources are preferred targets for cyber attacks, with serious economic repercussions on the entire...
Research by the American Enterprise Institute (AEI) think tank has shown that cybercriminals tend to attack highly profitable companies with abundant cash reserves and which invest generously in advertising. Analysis of cyber attacks from January 1999 to January 2022 suggests that cyber threat actors...

Volt Typhoon: the emerging Chinese cyber-espionage threat
Detailed analysis reveals advanced hacking techniques used by Volt Typhoon, a new Chinese cyber-espionage group, also known as Vanguard Panda
A new Chinese state actor in the cyber warfare landscape, known as Volt Typhoon, has been recently discovered and has been active since 2020. This group of hackers has shown unprecedented operational techniques to maintain remote access to its targets. The findings come from CrowdStrike, which keeps...

Cyber security: six new vulnerabilities in the US Agency catalog
Apple, VMware and Zyxel involved: CISA's list of known and exploited vulnerabilities is updated with six new flaws highlighted by cyber espionage activities
The US Information Security and Infrastructure Security Agency (CISA) recently updated its catalog of Known and Exploited Vulnerabilities (KEV), including six new flaws. The decision was made based on evidence of active exploitation of the vulnerabilities.
Three Apple vulnerabilities, two in VMware and...

Financial scam: courier companies in the crosshairs
New online threat: Zerodha CEO reveals alarming fraud exploiting FedEx and Blue Dart names
Financial fraud, increasingly sophisticated in the age of the pervasive internet, has become a regular phenomenon. The latest in chronological order involves courier companies, with a scam that is rapidly spreading.
Under the name of FedEx: a worrying example from the CEO of Zerodha
Nithin Kamath, co-founder...

Firmware backdoor discovered in Gigabyte motherboards: what to do to protect data
The security risk to your personal data is high: here's what to do to prevent unauthorized access
A firmware backdoor has been discovered in several motherboards manufactured by Gigabyte, one of the world's largest manufacturers. The firmware backdoor would be present on 271 motherboard models, including the most used ones for high-end gaming PCs from the Aorus and Gaming brands. PCs that use these...

MULTI#STORM: new phishing attack targets India and the United States
Sophisticated cyber attack using JavaScript files exploits RATs like Warzone and Quasar to compromise digital systems, creating pitfalls for unwitting users
A recent phishing campaign, identified as MULTI#STORM, has launched a targeted attack on India and the United States. Using JavaScript files, the attack aims to introduce remote access Trojans into compromised systems. Securonix researchers, including Den Iuzvyk, Tim Peck, and Oleg Kolesnikov, noted...

Russian hackers attack Ukrainian infrastructure: Roundcube software is the target
Russian APT group exploits open-source webmail vulnerabilities to infiltrate Ukrainian government and military entities
A well-known Advanced Persistent Attack (APT) group, linked to the Russian government, has been discovered exploiting security vulnerabilities in the open-source email software Roundcube to spy on organizations in Ukraine. These include government institutions and military entities involved in aviation...

Diicot cybercriminals unleashing a new wave of DDoS attacks
Romanian threat actor Diicot exhibits enhanced capabilities and diversified attack strategies, posing significant cybersecurity concerns
In the realm of cybersecurity, researchers have unearthed some new payloads that have not been recorded before, tied to a Romanian cyber threat group referred to as Diicot. This group is suspected to be capable of initiating distributed denial-of-service (DDoS) attacks. The name Diicot carries significant...

Mystic Stealer - the new emerging cyberthreat
Sophisticated malware for rent on hacking forums and the darknet, with worrying impact on browsers, cryptocurrencies and password managers
Since April 2023, an emerging malware called Mystic Stealer has been rapidly spreading among the cybercriminal community. This malicious software is offered for rent for $150 a month on darknet hidden markets and hacking forums. Its victims include 40 web browsers, 70 browser extensions, 21 cryptocurrency...

Safe surfing in the sea of telecommuting: 10 key cyberthreats
Discover the most frequent risks of remote working to protect your data and keep your digital security barrier strong
With the rise of remote working, catalysed by the Covid-19 pandemic, cybersecurity has become critical for businesses. While telecommuting offers work flexibility and cost savings, it also introduces a number of cybersecurity risks that need to be addressed. In this article, we'll explore the 10 most...

Misinformation and cybersecurity: the dark connection
Deciphering the role of disinformation in cybersecurity threats and social engineering
The global landscape is increasingly subject to the phenomenon of disinformation, which has caused many discussions over the years. Prominent politicians, such as Donald Trump with his constant claims of "fake news" or Vladimir Putin with his provocative rhetorical style, have fueled this issue. Furthermore,...

Diicot: from cryptojacking to DDoS attacks
Romanian threat group extends its capabilities: new attack strategy details and defense advice
Cybersecurity researchers have identified previously undocumented workloads linked to Diicot, a Romanian threat group, highlighting the group's potential to launch Distributed Denial of Service (DDoS) attacks. The name Diicot has a certain relevance, as it coincides with the name of the Romanian police...

Innovation in cybercrime in the post-pandemic era
Attackers adapt to new technological realities: from the decay of Office macros to the rise of multi-factor authentication bypass and cloud threats
As COVID-19-related medical and economic measures have eased, attackers have had to reinvent themselves to find new ways to make money, honing their social engineering skills, commodifying once-sophisticated attacking techniques, and creatively seeking new opportunities in unexpected. In 2022, the cyber-attack...

Boom of SMS scams: 330 million dollars lost in the last year alone
FTC report shows a worrying increase in message scams: FBI and cybersecurity experts share tips on how to recognize and prevent them
The report released last week by the Federal Trade Commission (FTC) reveals a disturbing reality: SMS scams have caused economic damage in excess of $330 million in the last year alone. This figure marks a notable increase from the previous year's 131 million and the 86 million recorded in 2020.
Smishing:...

Fraudulent GitHub intrusion: fake accounts spread malware
A network of fake researchers is using GitHub to spread malicious code masquerading as proofs of concept for unknown vulnerabilities
Several fake GitHub accounts associated with a fraudulent cybersecurity firm have been spotted spreading malicious repositories on the code hosting service. Seven of these repositories, still accessible at the time of writing, pose as test exploits (PoCs) for alleged zero-day vulnerabilities in Discord,...

BatCloak: the new malware invisible to antiviruses
In the digital criminal underground, BatCloak emerges as an essential tool for obfuscating malicious code
Since September 2022, a new malware named BatCloak has attracted the attention of cybercriminals for its advanced obfuscation features, making it virtually undetectable by traditional antivirus solutions. BatCloak is distinguished by its ability to transform malicious code into "evasive" versions, making...

Dark Frost Botnet: the silent threat behind gaming industry disruptions
Unmasking the perpetrator behind the threat: a comprehensive dissection of its devastating structure, goals, and capabilities
Unusual activity from a specific application piqued the interest of the Akamai company, prompting them to investigate. Noticing a series of unusual HTTP requests and binaries labeled "roof", Akamai began technical analysis. While initial scans using various third-party tools failed to reveal any nefarious...

The US fears Chinese attacks on critical infrastructure
In a climate of growing tension, US authorities predict potential sabotage of their infrastructure by Chinese hackers
A senior US cybersecurity official on Monday expressed concern about the likelihood that Chinese hackers could disrupt critical US infrastructure, such as pipelines and railroads, in the event of a conflict with the United States. In a speech at the Aspen Institute in Washington, the Director of the...

New Spectralviper backdoor used in an attack against Vietnamese public companies
Using open source projects as a malware customization strategy
A new backdoor named Spectralviper has been used in an attack on Vietnamese public companies. Elastic Security Labs has discovered that it is a previously unknown, highly obscured 64-bit backdoor that provides PE upload and injection, file upload and download, file and directory manipulation, and the...

Microsoft detects multi-stage cyber attacks on banks and financial organizations
New multi-stage phishing and email compromise are among the top threats reported
Microsoft has identified a series of multi-stage phishing and corporate email compromise (BEC) cyber-attacks on banks and financial organizations. The attacks were carried out through a compromised trusted provider and followed up with multiple compromise attacks involving multiple organizations. The...

June 2023 Android security updates: fix critical vulnerability CVE-2022-22706
Fixed a serious vulnerability that put the security of mobile devices at risk
Google has released the Android Security Bulletin for June 2023, which contains fixes for 56 vulnerabilities found in its operating system, across all its versions 11 to 13. Among the 56 vulnerabilities, 5 were classified as critical. Exploiting vulnerabilities can lead to attacks of various nature,...

Stealth Soldier espionage malware strikes in North Africa
Constantly evolving highly targeted and personalized attacks
A new custom backdoor, called the Stealth Soldier, has been used as part of a set of highly targeted espionage attacks in North Africa. Check Point, a cybersecurity firm, stated in a technical report that the Stealth Soldier malware is an undocumented backdoor that mainly operates on surveillance functions,...

Countering the CL0P ransomware group: recommendations from CISA and the FBI
How to defend against cyber attacks: prevention, detection and protection of digital assets in the crosshairs of cybercriminals
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued a series of recommendations with the aim of protecting organizations from possible attacks perpetrated by the CL0P Ransomware Group. On Wednesday, CISA announced new cybersecurity...

The challenge of cybersecurity: defending against AI threats and exploiting their opportunities
In-depth analysis of new threats and innovative strategies of effective proactive defense based on artificial intelligence
Technologies based on artificial intelligence (AI) are rapidly transforming the world, but at the same time, they represent a source of cybersecurity risk. New cyber threats are increasingly sophisticated thanks to the ease of access to tools and methodologies that were unthinkable until recently. Furthermore,...

Illegitimate extensions and the Satacom downloader: a new crypto-stealing malware menace
How the recent malware campaign abuses Chromium-based browsers and targets leading cryptocurrency platforms
A new malicious software operation has been recently identified, utilizing the Satacom downloader as a vehicle to disseminate covert malware, aimed at covertly extracting cryptocurrencies through an illicit extension for Chromium-based web browsers. The primary objective of the virus, delivered through...

Verizon 2023: an explosion of ransomware attacks and cyber threats
Verizon data breaches report highlights rising wave of ransomware attacks, rising related costs, and importance of the human element in security breaches
On Tuesday, Verizon released its 16th Annual Data Breaches Report (DBIR). This report provides organizations with valuable insights from incidents analyzed by its Threat Research and Advisory Center. The DBIR is among the most anticipated reports in the cybersecurity industry, given the analysis of a...

Cyclops ransomware: new threats emerge with data theft capabilities
A sophisticated cybercrime strategy carries out cross-platform attacks, affecting Windows, macOS and Linux with theft of sensitive data
Threats related to Cyclops ransomware have been observed offering malware designed to capture sensitive data from infected hosts. The notorious ransomware is notable for its ability to target all major desktop operating systems, including Windows, macOS, and Linux. It is also designed to terminate any...

Discovered over 30 malicious extensions in the Chrome Web Store
The extensions, used by millions of users, contained malicious code aimed at displaying unsolicited ads and manipulating search results
Recently, security experts identified more than 30 malicious extensions that had infiltrated the Chrome Web Store, possibly infecting millions of users. The discovery was initially made by security researcher Wladimir Palant, who three weeks ago realized that the PDF Toolbox extension for Chrome contained...

New web skimmer attack: Akamai reveals threat to e-commerce sites
Akamai investigation exposes growing harmfulness of e-skimming techniques, putting personal data and credit card information at risk
Akamai, a leading cybersecurity company, has recently detected a sophisticated Magecart-style web skimming campaign targeting the theft of Personally Identifiable Information (PII) and credit card data from e-commerce portals. During the operation, attackers use a combination of evasive strategies including...

From IT outsourcing to hack-for-hire: the new face of India's digital market
How cybermercenaries are revolutionizing India's tech industry, amidst security threats and market opportunities
The global IT outsourcing market has undergone a drastic evolution. Initially, it was dominated by the migration of IT services of American and European multinational companies to Indian companies, thanks to the combination of technical expertise and lower costs. However, with the advent of artificial...

The race for artificial intelligence: Josh Lospinoso's alarm
The cybersecurity expert highlights the threats of AI and the need for security in military and commercial operations
Before founding his current startup, Shift5, which works with the US military, railway operators and airlines such as JetBlue, Josh Lospinoso had already created a cybersecurity startup that was purchased in 2017 by Raytheon/Forcepoint. A former Army captain and 2009 West Point graduate, Lospinoso spent...

SQL injection vulnerability affects MOVEit Transfer: A security appeal
Progress Software confirms a serious risk for organizations. Researchers and security professionals investigate the impact of the incident
The Progress Software company recently updated a security advisory confirming the existence of a SQL Injection vulnerability in the MOVEit Transfer web application. Although a CVE number has not yet been assigned, this vulnerability could allow an unauthenticated attacker to gain unauthorized access...

The growing threat of cyberattacks in the automotive sector
Modern vehicle technologies accentuate vulnerability to cyber risks, creating urgent safety challenges in the future of motoring
In the digital age, vehicles, especially those with sophisticated electronic systems, are becoming increasingly exposed to the risks of cyber attacks. The threat is not just limited to electric cars, but also extends to modern sedans and utility vehicles, which are capable of being hacked. This danger...

5G networks: discover the risks and how to mitigate them
From slow 5G deployment to cybersecurity challenges, we explore the 5G landscape and offer strategies to protect your devices
The introduction of 5G networks has proved to be a slower process than expected. Although the concept was unveiled in 2016, its global availability was only achieved in 2019. Four years later, the share of the population with 5G-enabled devices remains low in most countries. It is unclear whether the...

Critical flaw discovered in the ReportLab Toolkit: remote code execution risk
An exploit for a ReportLab vulnerability, used to generate PDFs from HTML, puts millions of users at risk. A security update is available
A researcher has revealed a hands-on experiment of a flaw that allows remote code execution, known as RCE, that affects the ReportLab Toolkit. This tool, a Python library widely used by many projects to convert HTML files to PDF, has a monthly download volume of about 3.5 million on the PyPI (Python...

Critical flaws revealed in Sonos One speakers
Cybersecurity specialists have exposed flaws that allow remote code execution and the disclosure of sensitive data
The Zero Day Initiative (ZDI) revealed a number of security issues surrounding Sonos One wireless speakers in its latest report last week. These flaws could be exploited to achieve disclosure of sensitive information and remote code execution.
Details of the vulnerabilities discovered in the Pwn2Own hacking...

Expanding cyber threat: GobRAT targets Linux routers in Japan
Attack detected by JPCERT Coordination Center compromises router security, obfuscating malware as Apache process and establishing dangerous remote access
The cybersecurity world has recently been rocked by a new remote access trojan, written in Golang and known as GobRAT. This insidious software targets Linux routers in Japan, and its initial attack strategy involves locating a router whose WEBUI is freely accessible to the public. The trojan then exploits...

Security issue in the WordPress Gravity Forms plugin
More than 930,000 websites could be exposed to security risks due to unauthenticated injection of PHP objects in the popular plugin
The popular WordPress plugin "Gravity Forms", currently used by over 930,000 websites, is vulnerable to unauthenticated PHP object injection. "Gravity Forms" is a customizable form-building tool used by website owners to make payments, registrations, file uploads, or any other forms needed for visitor-site...