Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense… Read More »Network Threats: A Step-by-Step Attack Demonstration
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions… Read More »DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it… Read More »State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox… Read More »Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop… Read More »Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary… Read More »U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of… Read More »Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting… Read More »eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity… Read More »CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before… Read More »Apache Cordova App Harness Targeted in Dependency Confusion Attack