Month: February 2023

Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

28 February 2023

Feb 28, 2023Ravie Lakshmanan Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat. MortalKombat is a new ransomware strain that emerged in January 2023. It’s based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in the U.S., the Philippines, the U.K., and […]

Read More

New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises

28 February 2023

Feb 28, 2023Ravie LakshmananRansomware / Malware A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. “It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool,” CYFIRMA said in a new […]

Read More

Application Security vs. API Security: What is the difference?

28 February 2023

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious […]

Read More

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

28 February 2023

Feb 28, 2023Ravie LakshmananCyber Threat / Malware The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow […]

Read More

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

28 February 2023

Feb 28, 2023Ravie LakshmananSoftware Security / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and […]

Read More

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

28 February 2023

Feb 28, 2023Ravie LakshmananPassword Security / Data Breach LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal […]

Read More

Researchers Share New Insights Into RIG Exploit Kit Malware’s Operations

27 February 2023

The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. “RIG EK is a financially-motivated program that has been active since 2014,” Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. “Although it has yet to substantially change its exploits […]

Read More

Shocking Findings from the 2023 Third-Party App Access Report

27 February 2023

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don’t even realize […]

Read More

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

27 February 2023

Feb 27, 2023Ravie LakshmananBrowser Security / Malware A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. “These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,” […]

Read More

PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

27 February 2023

Feb 27, 2023Ravie LakshmananRansomware / Cyber Attack Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. “The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to […]

Read More