A malicious IcedID malware campaign was identified recently by Cyble researchers through which threat actors are actively spreading malware using modified versions of the Zoom application that have been trojanized. Due to the growing awareness of the COVID-19 pandemic in recent years, Zoom has become increasingly popular in recent years. A dramatic increase in remote work has...Read More

One of the greatest challenges for cybersecurity teams is the constantly shifting security landscape. Evolving geopolitics, the resulting tension between economic progress and security, and the perceived cyber threat drives a lot of the negative perceptions around cybersecurity. However, while it is easy to get distracted by eye-catching headlines about cybersecurity lapses, cybersecurity capabilities are...Read More

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. “To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely Text-to-SQL),” Xutan Peng, a researcher...Read More

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and python styles. The malicious code, as is increasingly the case, is concealed...Read More

Researchers from Unit 42 analyze Automated Libra, the group of cloud threat actors responsible for PurpleUrchin, the freejacking campaign. It is been observed that Automated Libra has been refining its methods to profit from cloud platform resources used for cryptocurrency mining. Threat actors abuse free cloud resources by using a new CAPTCHA-solving technique, more aggressive CPU resource...Read More

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses# Web...Read More

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique “could act as an entry point for an attack on many organizations,” Aqua security researcher Ilay Goldman said in a report published last week....Read More

Leading digital banking infrastructure provider Signzy announced the launch of its award-winning Video KYC Solution on Salesforce AppExchange. This integration will allow customers to offer a fast and accurate end-to-end KYC and onboarding experience to their end customers. Integrated directly with Salesforce, the Video KYC solution is currently available on AppExchange at https://appexchange.salesforce.com/listingDetail?listingId=a0N3u00000PtSR3EAN&tab+=e&tab=e Signzy’s video...Read More

By using email attachments that resemble regular documents, a variant of Dridex (aka Bugat and Cridex), which is a banking malware is spreading to others through macOS. Prior to now, the malware had been targeting Windows, but now it has been switched to attacking macOS instead, as reported by security researchers at Trend Micro. Dridex...Read More

The data included an email address, name, screen name or username, account creation date, and follower count, was offered for 8 forum credits, or $200,000, on a well-known hacker forum Over 200 million Twitter users were included in a data dump that was previously sold for $20,000, according to researchers in cyber security. According to...Read More