Double Trouble: FBI Warns of Spike in Dual Ransomware Attacks Main Points The FBI has warned about a new trend of simultaneous ransomware attacks targeting the same victims, observable since July 2023. These attacks involve two different ransomware variants unleashed simultaneously on victim companies. The most common ransomware varieties are ... Read More »
“OilRig: An Unexpected Gift From Iran Topped With A Menorah” Main Points Mysterious Iranian cyber assailants known as OilRig are associated with a new spear-phishing effort infecting targets with Menorah, a flagship malware strain. As stated by Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy, this malware is tailored for ... Read More »
Exim Mail Transfer Agent: A Spotlight on Security Vulnerabilities – A series of security vulnerabilities have been reported in the Exim mail transfer agent. – Successful exploitation of these vulnerabilities could lead to information disclosure and remote code execution. – These flaws were initially reported anonymously in June 2022. – ... Read More »
Meet ASMCrypt: DoubleFinger’s “Evolved” Sibling in the Malware Family Main Points Threat actors are selling a new crypter and loader called ASMCrypt ASMCrypt is described as an evolved version of the known malware, DoubleFinger This type of malware aims to load the final payload undetected by antivirus/endpoint detection and response ... Read More »
North Korean Lazarus Group Sneaks into Spanish Aerospace Company with A Little “Meta-Recruiting” Digital Espionage Targets Spanish Aerospace Firm Throwing a different kind of punch, the infamous North Korea-linked group known as the Lazarus Group hit the world’s cyber stage in another notorious role. This time, they made their cyber ... Read More »
Sleep easy, or not: The Quantum Cryptography Conundrum Introduction: The Cryptosecurity Night Owl While most of us are still grappling with basic cyber hygiene, the juggernaut of post-quantum cryptography is hurtling towards us. It’s kind of like becoming a parent for the first time – you really don’t understand what’s ... Read More »
Beware Bing: Malware-Toting Ads Hitchhike On Microsoft’s AI Chatbot – Malware is being spread through ads appearing on Microsoft Bing’s AI Chatbot. – Users searching for popular tools have been led to malicious sites from Bing Chat conversations. – This discovery was reported by Malwarebytes. If you’re chatting with Bing, ... Read More »
Progress Software has released patches for a critical security hole and seven other vulnerabilities in WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. The major flaw, tracked as CVE-2023-40044, boasts a full-blown CVSS score of 10.0, suggesting maximum severity. All versions of the software are ... Read More »
Beware: Cisco dials up warning on software vulnerability Cisco has found attempts to exploit a vulnerability in its IOS Software and IOS XE Software. The vulnerability, tracked as CVE-2023-20109, has a CVSS score of 6.6 and is considered medium severity. All versions of the software with the GDOI or G-IKEv2 ... Read More »
Thieves in the Codehouse: Github Accounts Hijacked in New Malicious Campaign Here are the key takeaways: – A new malicious campaign is hijacking GitHub accounts and inserting malicious code. – The cunning culprits disguise this code as Dependabot contributions. – The objective is to pilfer passwords from unsuspecting developers. – ... Read More »
