Blog – Page 546 – Learn and Explore

March 1, 2023
Uncategorized

BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11

A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. “This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled,” Slovak...

March 1, 2023
Uncategorized

Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable “even more organizations to become arbiters of their own data and the sole party deciding who has access to it,” Google’s Ganesh Chilakapati and...

March 1, 2023
Uncategorized

Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware “uses injection techniques to hide within legitimate processes, making it difficult to detect,” Uptycs said in a new report. “Once it has been successfully injected, attackers can interact with...

February 28, 2023
Uncategorized

Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat. MortalKombat is a new ransomware strain that emerged in January 2023. It’s based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in the U.S., the Philippines, the U.K., and Turkey....

February 28, 2023
Uncategorized

New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises

A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. “It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool,” CYFIRMA said in a new report. Some...

February 28, 2023
Uncategorized

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion...

February 28, 2023
Uncategorized

Application Security vs. API Security: What is the difference?

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices,...

February 28, 2023
Uncategorized

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer...

February 28, 2023
Uncategorized

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to...

February 27, 2023
Uncategorized

Researchers Share New Insights Into RIG Exploit Kit Malware’s Operations

The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. “RIG EK is a financially-motivated program that has been active since 2014,” Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. “Although it has yet to...