Dec 22, 2023NewsroomThreat Intelligence / Supply Chain Attack Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly […]
Ivanti’s Avalanche enterprise MDM solution has been found to have 13 critical security vulnerabilities, including buffer overflow weaknesses, that can be exploited by attackers to gain remote code execution on unpatched systems.
The 25 45s that made 23 a great year for singles 1 Sleaford Mods – West End Girls (Rough Trade) “Sometimes you’re better off dead… There’s a gun in your hand and it’s pointing at your head..” Sleaford Mods re-rub the Pet Shop Boys classic ‘West End Girls’ with typically sardonic Midlands wit – you […]
Dec 21, 2023NewsroomZero-Day / Mobile Security A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an “add-on feature” and that it depends on the licensing options opted by a customer. “In 2021, Predator spyware couldn’t survive a reboot on the infected Android […]
Dec 21, 2023NewsroomMobile Security / Banking Trojan Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. “Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the […]
Google addressed a new actively exploited Chrome zero-day Pierluigi Paganini December 20, 2023 Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with […]
The Securities and Exchange Commission has officially reached the implementation dates for its historic cyber incident reporting requirements. The rules, which require companies to report material cyber incidents within four business days of determination, are leading to significant changes in how companies prepare for and implement cyber risk strategies at the highest levels of publicly […]
Indian information technology company HCL Technologies reported a ransomware attack to regulators on Wednesday and said that it is investigating the incident. In a filing with the National Stock Exchange of India, the company said it “has become aware of a ransomware incident in an isolated cloud environment for one of its projects.” “There has […]
Scammers are taking advantage of the last-minute rush to order Christmas gifts, with one threat intelligence vendor claiming to have seen a 34% increase in new phishing sites impersonating delivery services. Group-IB said it identified 587 sites designed to look like legitimate postal operators and delivery companies in the first 10 days of December, up […]