General Security News
-
EvilBamboo Attacking Android & iOS Devices With Custom Malware
EvilBamboo, formerly known as “Evil Eye,” has been found to target Tibetan, Uyghur, and Taiwanese organizations and individuals. This threat actor...
-
BIND DNS System Flaws Let Attackers Launch DoS Attacks
In a recent disclosure, BIND 9, a widely-used DNS (Domain Name System) server software, has been found vulnerable to two critical security flaws,...
-
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by...
-
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source...
-
Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity...
-
OilRig: Never-seen C#/.NET Backdoor to Attack Wide Range of Industries
OilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries like:- OilRig...
-
Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors
Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize Thesaurus, one of the well-known...
-
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region...
-
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth...
-
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a...
-
MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database
MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted...
-
LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools & Apps
A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion....