Cybersecurity
Category Added in a WPeMatico Campaign
Researchers have identified an ongoing cryptojacking campaign, EleKtra-Leak, that targets exposed Identity and Access Management (IAM) credentials on GitHub repositories. The campaign has been active since December 2020, with as many as 474 unique Amazon EC2 instances found being used to mine Monero cryptocurrency between August 30 and October 6. Moreover, threat actors use these […]
85% of small business leaders say they are ready to respond to a cyber incident despite a record-high 73% reporting an attack in 2023, according to Identity Theft Resource Center. Employee and consumer data continue to be the most impacted categories of information affected by a data breach. The number of organizations reporting first-time attacks […]
A group of pro-Ukrainian hackers claims to have breached Russia’s national card payment system this week and obtained its user data. Activists from the DumpForums group and the Ukrainian Cyber Alliance said they defaced a website of the government-run National Payment Card System (NSPK) and reportedly gained access to the internal systems of the consumer […]
The browser has become the main work interface in modern enterprises. It’s where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to […]
A threat actor affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. Israeli cybersecurity firm Check Point, which discovered the campaign alongside Sygnia, is tracking the actor under the name […]
At some point in the movie “Groundhog Day,” Phil Connors breaks his bedside radio when he is woken up (yet again) by the song “I Got You Babe”. This déjà vu seems to await companies that fall victim to ransomware and fail to orchestrate the proper response. The FBI has recently warned about dual ransomware […]
Nov 01, 2023NewsroomVulnerability / Cyber Attack F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network […]
What happened Proofpoint researchers identified TA571 delivering the Forked variant of IcedID in two campaigns on 11 and 18 October 2023. Both campaigns included over 6,000 messages, each impacting over 1,200 customers in a variety of industries globally. Emails in the campaigns purported to be replies to existing threads. This is known as thread hijacking. […]
Nov 01, 2023NewsroomMalware / Cryptocurrency State-sponsored threat actors from the Democratic People’s Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023, exhibits overlaps with the infamous adversarial collective […]