Researchers from Unit 42 analyze Automated Libra, the group of cloud threat actors responsible for PurpleUrchin, the freejacking campaign. It is been observed that Automated Libra has been refining its methods to profit from cloud platform resources used for cryptocurrency mining. Threat actors abuse free cloud resources by using a new CAPTCHA-solving technique, more aggressive CPU resource...Read More
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses# Web...Read More
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique “could act as an entry point for an attack on many organizations,” Aqua security researcher Ilay Goldman said in a report published last week....Read More
Leading digital banking infrastructure provider Signzy announced the launch of its award-winning Video KYC Solution on Salesforce AppExchange. This integration will allow customers to offer a fast and accurate end-to-end KYC and onboarding experience to their end customers. Integrated directly with Salesforce, the Video KYC solution is currently available on AppExchange at https://appexchange.salesforce.com/listingDetail?listingId=a0N3u00000PtSR3EAN&tab+=e&tab=e Signzy’s video...Read More
By using email attachments that resemble regular documents, a variant of Dridex (aka Bugat and Cridex), which is a banking malware is spreading to others through macOS. Prior to now, the malware had been targeting Windows, but now it has been switched to attacking macOS instead, as reported by security researchers at Trend Micro. Dridex...Read More
Meta Platforms Inc’s WhatsApp said on Thursday users of the messaging app will now be able to use proxy servers to access the service in countries where the app is blocked. A proxy server is an intermediary between users and web services and acts as a web filter that allow netizens to circumvent restrictions and...Read More
The data included an email address, name, screen name or username, account creation date, and follower count, was offered for 8 forum credits, or $200,000, on a well-known hacker forum Over 200 million Twitter users were included in a data dump that was previously sold for $20,000, according to researchers in cyber security. According to...Read More
Hackers could have performed malicious activities through API security vulnerabilities in nearly twenty car manufacturers and services. As a result of these vulnerabilities, hackers could be able to perform the following activities:- Unlocking cars Starting cars Tracking cars Exposing customers’ personal information All the twenty car brands are well-known brands that were affected by these...Read More
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN...Read More
Challenges with an enforcement-based approach# An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an organization. Most organizations exclusively use enforcement-based security controls, usually carried out at the network level...Read More
Nulla vitae elit libero, a pharetra augue. Nulla vitae elit libero, a pharetra augue. Nulla vitae elit libero, a pharetra augue. Donec sed odio dui. Etiam porta sem malesuada.