Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. Active since June 2022 or earlier, connections between this group and the developers of Cl0p, Play, Royal, and Cactus ransomware have been highlighted in a study by Group-IB and […]
A new malware strain called ZenRAT has emerged in the wild to steal information from Windows systems. While the exact distribution process remains unknown, past instances of similar threats have often used SEO poisoning, adware bundles, or malspam campaigns. Attack overview According to Proofpoint researchers, ZenRAT was initially discovered on a website pretending to be […]
Sep 27, 2023THNMalware / Cyber Attack A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a “high technical level and cautious attack attitude,” adding that “the phishing attack activity captured this […]
Cyber-attacks on European financial services firms more than doubled between Q2 2022 and Q2 2023, surging 119% in the period, according to new data from Akamai. The security vendor’s latest State of the Internet report detailed threats to the sector globally, drawing on data from the firm’s network of 340,000 servers distributed across over 130 countries. […]
The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments related to hardware products in the supply chain. The Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management is the work of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) […]
The average tenure of a Chief Information Security Officer said to sit between 18 to 24 months. This is barely enough time to get feet under the table, never mind a meaningful seat at the table. Two questions arise: why is there such volatile churn in this space; and how does it affect enterprise cybersecurity? […]
Canadian Flair Airlines left user data leaking for months Pierluigi Paganini September 26, 2023 Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team […]
In anticipation of the upcoming 2024 election, major US voting equipment manufacturers have announced an initiative to collaborate with cybersecurity experts to undergo extensive stress testing of their election systems. The move aims to bolster election security and combat the rampant spread of misinformation among American voters. Hosted by the Information Technology-Information Sharing Analysis Center […]
Sep 27, 2023THNVulnerability / Endpoint Security A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. “This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression,” a group of academics from the University of Texas at […]