Post-quantum cryptography has arrived by default with the release of the new OpenSSH 9 version and the adoption of the hybrid Streamlined NTRU Prime + x25519 key exchange method.
Hiya has detected the newest scam call tactic, the eavesdropping scam. The new scam aims to get users to call back by leaving vague voicemail messages where an unknown voice is heard talking about the potential victim.
The huge payoffs and low risks associated with BEC scams have attracted criminals worldwide. Some flaunt their ill-gotten riches on social media, posing in pictures next to Ferraris, Bentleys, and stacks of cash.
Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff is only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack.
For the past month, a hacking group known as NB65 has been breaching Russian entities, stealing their data, and leaking it online, warning that the attacks are due to Russia’s invasion of Ukraine.
Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware.
An update to Raspberry Pi OS Bullseye has removed the default ‘pi’ user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials.
Security researchers discovered a new information stealer named FFDroider that steals credentials and cookies stored in browsers in order to hijack victims’ social media accounts. FFDroider spreads via software cracks, games, free software, and files downloaded from torrent sites. Users are advised to upload their downloads to VirusTotal to check if the download files or software […]
Cicada or APT10 is targeting organizations across different sectors, including government, legal, religious, and NGOs, in an ongoing espionage campaign that began months ago. Multiple attacks were spotted on Microsoft Exchange Servers, suggesting exploitation of a known or unpatched vulnerability to gain access to victim networks.
Ukraine CERT warned against a spear-phishing campaign by Russia-linked Armageddon APT. While one campaign targets Ukrainian organizations, the other focuses on government agencies in the EU. Concerned organizations are recommended to follow the guideline at the CERT-UA site for countermeasures.