Uncategorized – Page 477 – Learn and Explore

June 13, 2023
Uncategorized

Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer

A novel multi-stage loader called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what’s an advanced attack targeting users in Europe, the U.S., and Latin America. “DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the...

June 13, 2023
Uncategorized

Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals

It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and impactful consequences for corporate safety. ...

June 13, 2023
Uncategorized

Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations

“Dozens” of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. “Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee’s...

June 13, 2023
Uncategorized

Webinar – Mastering API Security: Understanding Your True Attack Surface

Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according...

June 13, 2023
Uncategorized

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000...

June 13, 2023
Uncategorized

Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been “exploited in a limited number of cases” in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could

June 12, 2023
Uncategorized

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

Security researchers have warned about an “easily exploitable” flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. “A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted...

June 12, 2023
Uncategorized

Why Now? The Rise of Attack Surface Management

The term “attack surface management” (ASM) went from unknown to ubiquitous in the cybersecurity space over the past few years. Gartner and Forrester have both highlighted the importance of ASM recently, multiple solution providers have emerged in the space, and investment and acquisition activity have seen an uptick. Many concepts come and...

June 12, 2023
Uncategorized

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant “threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files,” Trend Micro researchers said. About 79.6%...

June 12, 2023
Uncategorized

Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk

Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. “Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account,” security researcher Eaton Zveare said in a report published last week....