Researchers shed light on evolving objectives of the Void Rabisu hacking group as they uncovered a campaign that used a fake version of the Ukrainian army’s Delta situational awareness website to lure targets into installing the RomCom backdoor. While their previous operations were centered on data exfiltration and intelligence collection, the latest campaign suggests their […]
A new Android malware threat was discovered targeting users primarily located in India. Named DogeRAT, the malware is distributed through social media and messaging platforms disguised as Opera Mini, OpenAI ChatGPT, and premium versions of Netflix and YouTube. It can gain unauthorized access to a user’s sensitive data, including contacts, messages, and banking credentials.
Barracuda has disclosed information about a recent attack campaign that exploits a zero-day vulnerability in its ESG appliances to deploy three different malware strains. The CISA added the flaw to its KEV catalog last week, urging federal agencies to apply the patches by June 16.
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say.
U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors’ use of social engineering tactics to strike think tanks, academia, and news media sectors.
Leading snowboard maker Burton Snowboards confirmed notified customers of a data breach after some of their sensitive information was “potentially” accessed or stolen during what the company described in February as a “cyber incident.”
The most severe of these is CVE-2023-32707, a privilege escalation issue that allows low-privileged users with the ‘edit_user’ capability to escalate privileges to administrator, via a specially crafted web request.
A trove of documents, images, and videos from the offices of Iranian President Ebrahim Raisi posted online Monday appear to be authentic, cybersecurity experts familiar with the matter told CyberScoop on Wednesday.
The misconfiguration led to the exposure of approximately 250,000 files. 42,000 of them contained the sensitive data of job seekers, namely: Full names, Dates of birth, Occupation history, Home addresses, Phone numbers, and Email addresses.
The Cyber Incident Reporting Council will issue a report to Congress “in the next month or two” with recommendations on ways to achieve harmony across a complex network of federal cyber mandates.