Cybersecurity
Category Added in a WPeMatico Campaign
DP World Australia’s investigation has confirmed that the incident was confined to the Australian operations and did not impact any other markets where DP World operates.
Nov 29, 2023NewsroomMobile Security / Malware An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That’s according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the threat actor also observed carrying out […]
In a rapidly evolving digital landscape, it’s crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they’re reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats. To learn more, download the full report here. The New Paradigm […]
Nov 29, 2023NewsroomCyber Attack / Data Breach Identity services provider Okta has disclosed that it detected “additional threat actor activity” in connection with the October 2023 breach of its support case management system. “The threat actor downloaded the names and email addresses of all Okta customer support system users,” the company said in a statement […]
Nov 29, 2023NewsroomMalware / Threat Intelligence The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that’s capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a […]
Nov 29, 2023NewsroomZero-Day / Web Browser Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. […]
A critical vulnerability in Ray, an open source compute framework for AI, could allow unauthorized access to all nodes, cybersecurity firm Bishop Fox warns. Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client. A remote attacker can abuse this […]
CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a detailed examination of the malicious tooling used in these attacks, along with additional reporting and industry reports, CrowdStrike Intelligence attributes this […]
The attacker initiates a connection to ActiveMQ through the OpenWire protocol, typically on port 61616. By transmitting a crafted packet, the attacker triggers the system to unmarshal a class under their control.