Category: Shorts

  • Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to

    A new phishing technique called file archiver in the browser can be leveraged to emulate file archiver software in a web browser when a victim visits a .zip domain. When a user clicks on this file, it will initiate the download of a .exe…

  • Remote Access Trojan for Linux Routers Targeting Japan Found

    A new type of trojan called GobRAT infects Japanese Linux routers with malicious code. The JPCERT Coordination Center (JPCERT/CC) warns that the trojan, which uses a loader script to gain remote access, masquerades as an Apache daemon process. It can also disable firewalls, establish persistence, and…

  • 3 Challenges to Overcome When Building a Continuous Threat Exposure Management Program

    In this article, we’ll look at another trending acronym, CTEM, which stands for Continuous Threat Exposure Management and the challenges that come along with seeing a CTEM program through to maturity. What is continuous threat exposure management (CTEM)? In short: You can monitor…

  • AceCryptor: A Powerful Weapon Used by Cybercriminals, Detected in 240

    AceCryptor, a crypter malware family, has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. Some of the prominent malware families contained within AceCryptor…

  • New Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

    BrutePrint uses two zero-day vulnerabilities in the smartphone fingerprint authentication framework to brute force fingerprints on smartphones to bypass user authentication and seize control of the devices. Researchers have discovered an inexpensive attack technique called BrutePrint that can be leveraged to brute-force passwords and steal control…

  • Sneaky DogeRAT Trojan Pretends to Be Popular Apps, Targets

    A new Android trojan called DogeRAT has been found in the App Store. Once installed, it gains unwarranted access to sensitive data, including contacts, messages, and banking credentials. According to a report by cybersecurity firm CloudSEK, the malware can be found in several popular apps including…

  • APT Group Leverages TelePowerBot and KamiKakaBot in Sophistic

    The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. Dark Pink, also called Saaiwc Group, is an advanced persistent threat (APT) actor believed to be of…

  • 6 Steps to Safeguard Critical Assets and Fight Cybercrime: Effectively Threat Hunting

    This article offers an explanation of threat hunting. It is gathering evidence that a threat is materializing. But with effective threat hunting, you can keep bad actors from wreaking havoc on your organization. Protect your organization from costly cybercrime with the latest comprehensive…

  • Apple macOS Vulnerability Allowing SIP Protection Bypass Details Critical Microsoft

    Now patched, a flaw exists in Apple macOS that allows attackers with root access to bypass security enforcements and perform arbitrary actions on affected devices. The problem arises from a flaw in systemmigrationd, a daemon used to handle device transfer. It enables any of its…

  • How to Protect Your Salesforce Community from Ghost Sites

    In a new report, security firm Varonis warns enterprises that poorly deactivated and abandoned Salesforce Sites and Communities could pose severe risks to organizations, leading to unauthorized access to sensitive data. Such sites are often referred to as ghost sites because they are left lying around…