Dec 15, 2023NewsroomCryptocurrency / Malware Crypto hardware wallet maker Ledger published a new version of its “@ledgerhq/connect-kit” npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company […]
Dec 14, 2023NewsroomMalware / Cyber Espionage The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an […]
Approval phishing scams have been used to steal at least $1bn in cryptocurrency since May 2021, according to a new report by Chainalysis. The researchers estimates that this technique, which is frequently used by romance scammers, has led to crypto users losing at least $374m so far in 2023. Approval phishing is a type of […]
Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and […]
Dec 15, 2023NewsroomVulnerability / Software Security Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from […]
The City of Defiance has fallen victim to a cyberattack orchestrated by the notorious Knight ransomware group. The City of Defiance data breach was first brought to light on December 13, 2023, when Knight officially listed the City of Defiance as their latest target. The threat actor, known as Knight, revealed their malicious intent on […]
AIAIAI’s affordable XE range serves up the goods again, this time tailored for producers. Greg Scarth finds out more. Things have changed a lot since we first reviewed AIAIAI’s XE range last year. Back then, the Danish brand only made headphones. In the year or so since, they’ve expanded into studio monitors and hinted at […]
Threat actors are switching tactics to compromise their victims with ransomware, with more attacks now exploiting vulnerabilities rather than using phishing emails, according to Corvus Insurance. The insurer analyzed claims data from this year to better understand threat actor activity. It claimed that vulnerability exploitation rose as an initial access method from nearly 0% of ransomware […]
The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, according to BlueVoyant. “Attacks targeting external vendors and partners are a constant threat,” said Joel Molinoff, BlueVoyant’s […]