A new UI redressing technique, know as Browser In The Browser (BITB), has given phishing a shot in the arm by making such attacks nearly untraceable in their design. This method is used to steal login credentials by juxtaposing a realistic replica of a third-party SSO login window that is usually redirected by a website’s login page (Instagram, Facebook, Twitter etc.). For instance, if a…
Ukraine continues to battle DDOS attacks
March 21, 2022
Since the onset of the war on Feb. 24, the Ukraine government has tallied 3,000 DDOS strikes, including a one-day high of 275.
The State Service of Special Communication and Information Protection of Ukrainesays: “Russia’s aggression, the intensity of cyberattacks against Ukraine’s vital information infrastructure hasn’t decreased. While Russian missiles are…
Cryptocurrency funding has become a viable way to support Ukraine in its ongoing war against Russia, which has left the country devastated on all fronts. According to UK based blockchain analysis provider Elliptic, the Ukrainian government, along with an NGO that provides military support, have raised a sum of $63.8 million through over 120,000 crypto asset donations since the beginning of the…
Beware of this new phishing attack!
March 17, 2022
Phishing attacks have been an age-old cybersecurity problem, with threat actors sending out bulk emails in an attempt to trick users into sharing confidential data, fraudulent bank transactions, or entering their passwords via bogus login portals.
Threat actors are exploiting email accounts by hijacking ongoing conversations between the users to send out phishing emails. This method is more…
Lapsus$, the infamous hacking group, claims to have acquired around 200 GB of source code files, which represents over 5,000 GitHub repositories. The Vodafone source code that the hackers claim to have obtained has not been leaked. Instead, they are asking thousands of users to join their Telegram channel.
Vodafone Portugal blamed certain service outages on a “malicious hack” in…
According to a report by Edgescan, organizations continue to take nearly two months to rectify critical risk vulnerabilities, with an average mean time to remediate (MTTR) of 60 days across the complete stack. High rates of “known” (i.e. patchable) vulnerabilities with live exploits employed by the well-known nation-state and cybercriminal groups are not prevalent.
Significantly, 57…
According to the US Federal Bureau of Investigation (FBI), the RagnarLocker threat group breached 52 entities, of which 10 are critical infrastructure sectors including financial services, manufacturing, energy, government, and IT. To avoid suspicion and ensure administrators do not intervene with the deployment process, the ransomware operators breached and disabled remote management software…
The renaissance of the SharkBot malware.
March 10, 2022
An advanced banking malware known as SharkBot has been discovered on the Google Play Store for the second time. It was first discovered in November 2021, the treacherous malware is camouflaged as an antivirus app with virus detection and system cleaning capabilities. By exploiting the accessibility permission on Android devices and granting itself other necessary permissions, the updated version…
Samsung has confirmed a security breach after hacking group – Lapsus$ stole and exposed about 190 gigabytes of proprietary data, including source code for numerous technologies and algorithms for biometric unlock operations. The same group had previously broken into Nvidia and leaked hundreds of employee credentials on the internet.
“We were recently made aware that there was a…
According to SpyCloud research that focuses on exposed data, in 2021, researchers found 1.7 billion exposed credentials, up 15% from 2020, and 13.8 billion reclaimed Personally Identifiable Information (PII) data from breaches.
”Reused passwords have been the leading vector in cyberattacks in recent years, and the threat of digital identity exposure is a growing problem. The findings of…
