Month: August 2022
Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
31 August 2022Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs. “The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,” McAfee researchers Oliver Devane […]
Read More
Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope
31 August 2022A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA’s James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language’s cross-platform support, effectively allowing the […]
Read More
Interested in Reducing Your Risk Profile? Jamf Has a Solution for That
31 August 2022The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerable to cyberattacks, making mobile security an increasingly important concern […]
Read More
Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
31 August 2022Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability […]
Read More
Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks
31 August 2022A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. “The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea,” enterprise security firm […]
Read More
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
30 August 2022As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. “The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, […]
Read More
Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs
30 August 2022As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is Stellar Cyber. Stellar Cyber claims to address the needs of MSSPs by providing capabilities typically found in NG-SIEM, […]
Read More
India’s Newest Airline Akasa Air Found Leaking Passengers’ Personal Information
30 August 2022Akasa Air, India’s newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug […]
Read More
FBI Warns Investors to Take Precautions with Decentralized Financial Platforms
30 August 2022The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. “The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency,” the agency said in a notification. Attackers are said to have used […]
Read More
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
30 August 2022The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers’ mobile devices. The complaint alleges that the U.S. company amasses a “wealth of information” about users by purchasing data from other data brokers to sell to […]
Read More