An unidentified threat actor is taking advantage of the recent Falcon Sensor update issues to distribute fake installers via a fraudulent website impersonating a German entity.
Least privilege begins by addressing dormant user accounts and then scrutinizing access privileges, using context-based access control (CBAC), attribute-based access control (ABAC), and role-based access control (RBAC) to determine user access.
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform”
Researchers at Wiz have identified an ongoing campaign targeting exposed Selenium Grid services for illicit cryptocurrency mining. The campaign, known as SeleniumGreed, is exploiting older versions of Selenium to run a modified XMRig miner.
The US has indicted a North Korean state hacker for ransomware attacks on hospitals and healthcare companies. The hacker, Rim Jong Hyok, is a member of the Andariel Unit within North Korea’s intelligence agency.
The Internet Systems Consortium (ISC) has released patches to fix multiple security vulnerabilities in the BIND 9 DNS software suite that could lead to denial-of-service attacks.
US Senator Richard Blumenthal revealed that Bank of America, JPMorgan Chase, and Wells Fargo only reimbursed 38% of customers for unauthorized payments, resulting in $100 million in fraud losses.
Process injection is a vital technique used by attackers to evade detection and escalate privileges. Thread Name-Calling has emerged as a new injection technique that abuses Windows APIs for thread descriptions to bypass endpoint protection products.
A recent study by Parametrix has found that the global IT outage linked to CrowdStrike will result in at least $5.4 billion in direct financial losses for Fortune 500 companies, excluding Microsoft.