iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. [...]
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. [...]
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems. [...]
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. [...]
CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP and firewall vulnerabilities. [...]
Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system [...]
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus [...]
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program. [...]
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds. [...]
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims. [...]
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain. [...]
DMARC analysis by Proofpoint shows that institutions in the U.S. have some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails. [...]
Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. [...]
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads. [...]
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes. [...]
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain. [...]
Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP. [...]
300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. [...]
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them. [...]
Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant. [...]
Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530. [...]
Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them. [...]
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets. [...]
Victims are instructed to make a phone call that will direct them to a link for downloading malware. [...]
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine. [...]