Cybersecurity

ShadowSyndicate: New RaaS Connected to Multiple Ransomware Families

Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. Active since June 2022 or earlier, connections between this group and the developers of Cl0p, Play, Royal, and Cactus ransomware have been highlighted in a study by Group-IB and […]

Cybersecurity

Newly Discovered ZenRAT Malware Targets Windows Users

A new malware strain called ZenRAT has emerged in the wild to steal information from Windows systems. While the exact distribution process remains unknown, past instances of similar threats have often used SEO poisoning, adware bundles, or malspam campaigns. Attack overview According to Proofpoint researchers, ZenRAT was initially discovered on a website pretending to be […]

Cybersecurity

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

Sep 27, 2023THNMalware / Cyber Attack A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a “high technical level and cautious attack attitude,” adding that “the phishing attack activity captured this […]

Cybersecurity

CISA Publishes Hardware Bill of Materials Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments related to hardware products in the supply chain. The Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management is the work of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) […]

Cybersecurity

Canadian Flair Airlines left user data leaking for months

Canadian Flair Airlines left user data leaking for months Pierluigi Paganini September 26, 2023 Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team […]

Cybersecurity

Voting Equipment Giants Team Up For Security

In anticipation of the upcoming 2024 election, major US voting equipment manufacturers have announced an initiative to collaborate with cybersecurity experts to undergo extensive stress testing of their election systems.  The move aims to bolster election security and combat the rampant spread of misinformation among American voters. Hosted by the Information Technology-Information Sharing Analysis Center […]

Cybersecurity

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

Sep 27, 2023THNVulnerability / Endpoint Security A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. “This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression,” a group of academics from the University of Texas at […]