New Malvertising Campaign Misuses Dynamic Search Ads and Compromised Websites A new malicious advertising campaign capitalizes on a compromised website to promote fake versions of PyCharm on Google search results using Dynamic Search Ads. The website owner may not be aware that one of their ads was automatically created to promote a popular program for
Read More
**Main Points** • Canada has banned the usage of Tencent and Kaspersky’s apps on all government mobile devices. • The ban is driven by concerns of an “unacceptable level of risk to privacy and security.” • This action is part of the Canadian government’s ongoing efforts to secure their information and network. **Canada’s New Ban:
Read More
Meta to Offer Ad-Free Facebook and Instagram for Fees in Select EU Regions Meta announces plans to offer an ad-free version of Facebook and Instagram in the EU, EEA, and Switzerland. The move comes in an effort to adhere to ‘evolving’ data protection regulations in these regions. Pricing for the ad-free subscription will cost €9.99/month
Read More
Modern Web App Development: Cloud and Security Concerns Modern web app development heavily depends on cloud infrastructure and containerization. Cloud technology and containerization can scale on demand and handle millions of file transfers daily. However, these technologies open avenues for potential attacks that can exploit file uploads or introduce vulnerabilities in containers hosting web applications,
Read More
the situation and provides details concerning: – ServiceNow’s announcement of potential “unintended access” due to misconfigurations – The implications for businesses using ServiceNow due to this security exposure risk – The steps taken by ServiceNow to rectify the issue Misconfigurations: a Wolf in Sheep’s Clothing? ServiceNow’s recent revelation serves as a reminder that even the
Read More
EleKtra-Leak Campaign Targets Exposed AWS Credentials on GitHub for Cryptojacking Main Points An ongoing campaign called EleKtra-Leak is targeting exposed Amazon Web Service (AWS) identity and access management (IAM) credentials in public GitHub repositories. This campaign allows threat actors to create multiple AWS Elastic Compute (EC2) instances for unauthorized cryptojacking activities. EleKtra-Leak: A New Threat
Read More
CVSS score: 7.5) – An attacker can exploit this vulnerability to bypass the network policies and expose sensitive services within the cluster CVE-2022-1612 (CVSS score: 7.7) – A potential threat actor could create a new Ingress object, thereby bypassing the ingress controller’s security measures and gaining access to its features and configurations Look Out for Security
Read More
Unghosting ‘GhostPulse’: New Malware Loader Disguised as Popular Software Key Points: A new cyber attack campaign is distributing a malware loader called ‘GhostPulse’ using deceptive MSIX Windows app package files. GhostPulse is disguised as popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. MSIX is a package format developers utilize to
Read More
Summarizing The Intercepted Traffic from Jabber.ru Main Points: – An analysis indicates a covert interception of traffic from jabber[.]ru, an XMPP-based instant messaging service – Attackers reportedly made use of servers at Hetzner and Linode in Germany for the operation – TLS certificates from Let’s Encrypt service were issued and used by the attacker to
Read More
Caught Red-Handed: North Korea’s Lazarus Group in New Cyberattack Main Points North Korea–associated Lazarus Group is behind a new cyber-attack. An unnamed software vendor was compromised through exploitation of security flaws. The attack sequences resulted in the deployment of malware families like SIGNBT and LPEClient. LPEClient is a notorious hacking tool used by Lazarus Group.
Read MoreNo products in the cart.