While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they modernize. Transitioning from monolithic architectures to agile microservices empowers developers to make quick changes. Using serverless […]
Oct 24, 2023NewsroomZero Day / Mobile Security The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim’s location. The findings come from Kaspersky, which detailed the great lengths the adversary […]
Enlarge 1Password 1Password, a password manager used by millions of people and more than 100,000 businesses, said it detected suspicious activity on a company account provided by Okta, the identity and authentication service that disclosed a breach on Friday. “On September 29, we detected suspicious activity on our Okta instance that we use to manage […]
Affected Platforms: WindowsImpacted Users: Windows usersImpact: The information collected can be used for future attacksSeverity Level: Medium In 2023, the InfoStealer market is a reasonably crowded affair. The likes of RedLine, Raccoon, and Vidar own a significant market share, with new entrants such as SaphireStealer appearing frequently. The latest entry, ExelaStealer has now taken the […]
An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. “The actors behind the attack used spear-phishing […]
Researchers have shared details of a new fake browser update threat that used a new malware called ClearFake to deliver malicious payloads onto victims’ devices. The malware is similar to SocGholish and FakeSG campaigns that use social engineering tactics to trick users into installing a bogus web browser update. Modus operandi The operators behind ClearFake […]
Researchers came across a new, lightweight variant of the RomCom backdoor that has been used in a cyberespionage campaign targeting the participants of the Women Political Leaders (WPL) Summit held in Brussels from June 7–8. The new iteration (tracked as RomCom 4.0) was first observed in early August and has been attributed to Void Rabisu, […]
A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan. A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S., also appear to have been hit as […]
Endpoint Security APT 41 Used Android, iOS Surveillance Malware to Target APAC Victims Since 2018 Jayant Chakravarti (@JayJay_Tech) • October 3, 2023 A WeChat Pay payment services sign at Cafe De Coral in Hong Kong (Image; Shutterstock) Security researchers linked a surveillance toolkit called LightSpy to Chinese cyberespionage group APT41. The group used […]