Cybersecurity
Category Added in a WPeMatico Campaign
The scam tweets often appear to be from well-known crypto accounts like Binance and Ethereum, but they lead to unrelated users promoting fake giveaways, wallet-draining websites, and pump-and-dump schemes.
Prompt injection is, thus far, an unresolved challenge that poses a significant threat to Language Model (LLM) integrity. This risk is particularly alarming when LLMs are turned into agents that interact directly with the external world, utilizing tools to fetch data or execute actions. Malicious actors can leverage prompt injection techniques to generate unintended and […]
Mozilla on Tuesday announced security updates for both Firefox and Thunderbird, to address 20 vulnerabilities, including several memory safety issues. Firefox 121 was released with patches for 18 vulnerabilities, five of which have a ‘high’ severity rating. At the top of the list is CVE-2023-6856, a heap buffer overflow bug in WebGL, the JavaScript API […]
SimSpace, a startup that creates digital replicas of organizations’ tech and networking stacks for cybersecurity training, has raised $45 million in a funding round led by L2 Point Management. Bringing the company’s total raised to $70 million, the investment comes at an auspicious time for SimSpace, which had been entirely bootstrapped until about two years […]
Dec 21, 2023NewsroomVulnerability / Phishing Attack Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), […]
Dec 21, 2023NewsroomVulnerability / Zero-Day Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited […]
The use of public services as command-and-control (C2) infrastructure isn’t a revolutionary technique for malicious actors. ReversingLabs has observed such behavior in several malware campaigns throughout the last few years. Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive and Discord to host second stage malware and sidestep detection tools. However, […]
Published On : 2023-12-15 EXECUTIVE SUMMARY At CYFIRMA, our mission is to empower you with the latest insights into the dynamic landscape of cybersecurity threats, addressing risks that impact both organizations and individuals. This report details a sophisticated cyber threat involving a malicious Word file with an embedded macro that, upon opening, prompts victims to […]
Israel has named Iran and Hezbollah as the culprits behind a cyberattack on the the Ziv Medical Center. A joint investigation by the Israel National Cyber Directorate, the Israel Defense Forces, and the Israeli Security Agency determined that Iran’s Ministry of Intelligence orchestrated the attack, with the involvement of Hezbollah’s “Lebanese Cedar” cyber unit. Some […]