StripedFly Malware: A ‘Crypto-mining’ Multi-million Intruder Lurking for Half a Decade Main points: – Advanced malware dubbed as StripedFly has been active for over five years unnoticed – It infected one million devices globally – StripedFly mirrors a cryptocurrency miner – It’s an intricate modular framework that targets both Linux and Windows – Findings were
Read More
Google Unfurls ‘Independent Security Review’ Badge for Audited Android Apps Main Points: Google is introducing an “Independent security review” icon in the Play Store’s Data safety section for Android apps that have gone through a Mobile Application Security Assessment (MASA) check. The roll-out began with VPN applications due to the critical and significant amount of
Read More
**Main Points:** – Okta, the identity and authentication management provider, recently announced a security breach in its support case management system, affecting 134 out of its 18,400 customers. – An unauthorized user accessed Okta’s systems periodically from September 28 to October 17, 2023. – The intruder reportedly accessed HAR files which contain session tokens, potentially
Read More
Here are the main points of this article: – 48 new malicious npm packages that can deploy a reverse shell on vulnerable systems have been discovered in the npm repository. – These packages, masquerading as legitimate files, contained obfuscated JavaScript which starts a revers shell when installed. This was reported by Phylum, a software supply
Read More
Breaking Down AI in Cybersecurity: Outcomes Matter Most As the cyber threat landscape evolves, incorporating generative AI into both attackers and defenders’ toolbox utils is increasing. Evaluating the effectiveness of AI-based security offerings has become a challenging task. Asking the right questions can be a guide in choosing appropriate AI-driven cybersecurity solutions. Generative AI: A
Read More
Malvertising Scam Leveraging Facebook Ads Main Points Hijacked Facebook business accounts are running fraudulent ads, often featuring “revealing photos of young women” as bait. The trick is to manipulate victims into downloading an upgraded variant of NodeStealer malware. Clicking on the deceptive ads instantly downloads a file package that contains a malicious .exe ‘Photo Album’
Read More
Cybersecurity Researchers Uncover Spyware-Infected WhatsApp Mods Main Points: Cybersecurity researchers discover CanesSpy, a spyware module, in several WhatsApp mods for Android. These modified versions of WhatsApp have been found on questionable websites advertising such software and various Telegram channels being used by Arabic and Azerbaijani speakers. One such Telegram channel reportedly has 2 million users
Read More
A Deep Dive into MuddyWater’s New Spear-Phishing Campaign MuddyWater Targets Israeli Entities – The Iranian nation-state cyber actor MuddyWater has been tied to a fresh spear-phishing campaign. This time, they have their eyes set on two Israeli entities. – MuddyWater is not adding any extra baggage to their devilish deeds, rather they are opting to
Read More
New SaaS Discovery and Risk Assessment Product: Free User Access Review Included Launch of a unique “freemium” model product combining SaaS discovery and risk assessment with a complimentary user access review. This novel product aims to streamline the process of SaaS usage security, currently a vital need in cloud-based organizations. By integrating various approaches and
Read More
Multiple Windows Drivers Vulnerable to Security Threats – The Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) have 34 unique vulnerabilities. – Threat actors without privileges could exploit these vulnerable drivers to gain full control over devices and run arbitrary code on underlying systems. – Exploiters could also modify or delete firmware and/or elevate
Read MoreNo products in the cart.