A joint advisory from the CISA, the FBI, the MS-ISAC, and the Canadian Centre for Cyber Security (CCCS) discovered a rise in the use of the Truebot malware by threat actors. Notably, these actors are increasingly exploiting the CVE-2022-31199 flaw to target organizations in the U.S. and Canada with the malware. Organizations are also advised […]
A survey by Malwarebytes revealed that a majority of respondents do not trust the information produced by ChatGPT and believe it poses potential safety and security risks.
The apps, both from the same publisher, can launch without any user interaction to steal sensitive data and send it to servers in China. Despite being reported to Google, the two apps continue to be available in Google Play at the time of publishing.
The threat actors behind the attacks compromised target networks by exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software tracked as CVE-2022-31199.
A new tool available on GitHub can enable attackers to misuse a recently disclosed vulnerability in Microsoft Teams and automatically deliver malicious files to users’ systems.
“There are indications that the following [vulnerabilities] may be under limited, targeted exploitation,” reads Google’s bulletin, highlighting CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136.
The recent detection of RedEnergy stealer-as-a-ransomware represents an advanced threat that combines stealthy data theft and encryption techniques to cause significant damage and seize control over its targets.
Discovered on January 10, the data breach occurred between December 23, 2022, and January 19, 2023, and resulted in the personal, financial, and health information of the company’s employees being accessed by an unauthorized party.
ASEC recently discovered that Crysis ransomware attackers were scanning the internet, via brute force or dictionary attacks, for vulnerable RDP endpoints to install Venus ransomware on systems.
Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.