New Malvertising Campaign Spreading Updated Atomic Stealer Malware A new malvertising campaign is spreading an updated version of the macOS stealer malware, Atomic Stealer. Atomic Stealer, first seen in April 2023, is an off-the-shelf Golang malware costing a whopping $1,000 per month. New variants of the malware have been seen since its inception, with improved
Read More
Soaring Skywards: vCISO Services Rise by Almost 5 Fold by End 2024 By 2024, a substantial increase in the number of Managed Services Providers (MSPs) and Managed Security Services Providers (MSSPs) offering virtual Chief Information Security Officer (vCISO) services is anticipated. This growth reflects the escalating demand for specialized cybersecurity expertise in business environments. This
Read MoreApache SuperSet Security Gets a Boost with New Patches Main Points: Two new vulnerabilities in Apache SuperSet have been patched. These vulnerabilities (CVE-2023-39265 and CVE-2023-37941) could allow remote code execution by attackers. The update, version 2.1.1, addresses these security breaches by securing Superset’s metadata database. New Patches Head off Security Threats Don’t we all love
Read More
Relax with Pandora? More like Wreak Havoc with Pandora A new strain of Mirai botnet known as Pandora is infiltrating affordable Android-based TV sets and TV boxes. Pandora is part of a botnet conducting distributed denial-of-service (DDoS) security attacks. Doctor Web reveals that either malicious firmware updates or the installation of pirated video content might
Read More
The Great Cache Heist: Chinese-Based Threat Storm-0558 Acquires Microsoft’s Inactive Consumer Signing Key Main points: – China-based threat actor known as Storm-0558 acquired an inactive consumer signing key, compromising Microsoft’s system. – The compromise allowed Storm-0558 to access debugging environment containing a crash dump from April 2021. – The attack was facilitated by the compromise
Read More
Google Drops New Android Security Patches; Targets Pesky Zero-Day Bug – Google releases monthly security update for Android, including fixes for a zero-day vulnerability. – The vulnerability, classified as CVE-2023-35674, is a high-risk privilege escalation problem impacting the Android Framework. – Google suggests that CVE-2023-35674 may be under targeted exploitation. Monthly Security Patches Roll Out
Read More
A Sneaky SideTwist from APT34 APT34, the notorious Iranian threat actor, has been associated with a new phishing attack that aids in deploying a backdoor variant known as SideTwist. The attack technology applied by APT34 is considered highly advanced, indicates NSFOCUS Security Labs. The bad actor is capable of designing unique intrusion tactics for diverse
Read More
CISOs: The New Masters of the Tech Universe As the digital landscape complexifies, the role of the Chief Information Security Officer (CISO) is becoming increasingly central to businesses’ success. CISOs are tasked with managing digital threats, fostering innovation, and maintaining business continuity. Insights from three notable CISOs reveal their experiences and strategies in the field.
Read More
Breakdown of Schweitzer Engineering Labs’ Security Flaws Main Points Nine security flaws were identified in electrical power management products made by Schweitzer Engineering Laboratories (SEL). The most critical of these could potentially allow Remote Code Execution (RCE) on an engineering workstation. The issues are tracked as CVE-2023-34392 and CVE-2023-31168 as per Nozomi Networks’ report. Detailed
Read More
Unveiling the Secret Phishing Empire Attacking Microsoft 365 Business Emails An unknown “phishing empire” has been attacking Microsoft 365 business email accounts for the past six years. The cybercriminal created a secretive marketplace called W3LL Store for a closed community of at least 500 threat actors. These threat actors could buy a customized phishing kit
Read MoreNo products in the cart.