NIST strengthened its cybersecurity efforts on Tuesday by renewing its partnerships with the state of Maryland and Montgomery County that underpin the National Cybersecurity Center of Excellence (NCCoE).
The new Sharp Panda campaign uses spear-phishing emails with malicious DOCX file attachments that deploy the RoyalRoad RTF kit to attempt to exploit older vulnerabilities to drop malware on the host.
Attacks exploiting cloud systems nearly doubled in 2022, and the number of hacking groups that can target the cloud tripled last year, according to a CrowdStrike report released last week.
Security researchers at Kroll laid bare a malicious PyPI package called Colour-Blind. The malware package is a fully-featured info-stealer RAT with a plethora of features and capabilities, including the theft of crypto wallet data. According to researchers, the malware “points to the democratization of cybercrime” to help adversaries develop their own variations based on the […]
The threat actor’s campaigns attempt to convince high-profile North American and European government officials, as well as CEOs of prominent companies and celebrities, to participate in recorded phone calls or video chats.
Security analysts at Metabase Q uncovered the new FiXS ATM malware that targets Mexican bank customers. Though the initial attack vector is unclear as of now, analysts have discovered hackers using an external keyboard, like in Ploutus attacks. The FiXS malware releases money 30 minutes after the latest ATM reset, leveraging the Windows GetTickCount API.
The Chinese threat actors reportedly leveraged “valid credentials” to compromise ASEAN’s Microsoft Exchange servers, which used mail.asean.org and auto.discover.asean.org domains.
The app was found to send the contents of the clipboard to a remote server if a particular pattern was present, though it is not clear whether there was any malicious intent behind the behaviour.
A cryptojacking operation was found using an authentic, open-source command-line file transfer service to carry out its attack against misconfigured Redis database servers. Although the objective of the campaign is to mine cryptocurrencies, the script performs several additional tasks to ensure the effective utilization of resources. It is imperative that administrators actively monitor any misconfigurations […]
Hackers have stolen several terabytes of corporate and employee information from controversial Brazilian multi-national Andrade Gutierrez, in a raid the firm reportedly still hasn’t acknowledged.