Day: August 17, 2022
Cybercriminals Developing BugDrop Malware to Bypass Android Security Features
17 August 2022In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that’s currently in development. “This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking […]
Read More
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
17 August 2022Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been […]
Read More
Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers
17 August 2022A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. “In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations,” Recorded Future disclosed in a new […]
Read More
Lean Security 101: 3 Tips for Building Your Framework
17 August 2022Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it’s hard to keep track. Until…they infiltrate your system. But you know what’s even more overwhelming than rampant cybercrime? Building your organization’s security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement […]
Read More
Malicious Browser Extensions Targeted Over a Million Users So Far This Year
17 August 2022More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. “From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and […]
Read More
North Korea Hackers Spotted Targeting Job Seekers with macOS Malware
17 August 2022The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed “Operation In(ter)ception” that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the […]
Read More
RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
17 August 2022RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. “Users in […]
Read More