Microsoft decided to address this EoP bug, reaching out to Project Zero to let the researchers know that it had decided to work on the issue despite initially stating that it was “out of scope.”
FluBot is a type of malware targeting Android users, but iPhone users can also receive messages. It tells the receiver they missed a call or have a new voicemail, providing a fake link to listen.
T-Mobile said on Friday that an ongoing investigation revealed that hackers accessed information of an additional 5.3 million customers, bringing the total number to more than 53 million.
Qurium reported that the attackers launched billions of “malicious web requests” comprising application-layer web floods, which is a form of DDoS (Distributed Denial of Service) attack.
A group of academics stated that network middleboxes such as firewalls, Network Address Translators (NATs), load balancers, and Deep Packet Inspection (DPI) boxes can be weaponized to launch more sophisticated DDoS reflection amplification attacks.
FluBot was found targeting finance apps belonging to Polish and German banks by impersonating the app’s login form in a new overlay attack. Earlier, in the month of June, this malware was seen imitating postal and logistic service apps to lure its victims. While smartphone users must restrict access to known FluBot lure sites, users should […]
IBM X-Force Threat Intelligence studied different versions of the Diavol ransomware whose code configuration hinted at a possible link to the TrickBot group. TrickBot has been observed using group and campaign IDs, which are used by Diavol as well. Experts say, sharing threat intelligence between organizations can be a good way to stop such threats.
Check Point Research said the Indra APT group was behind crippling Iran’s transport ministry and national train system in a cyberattack recently. Attackers disseminated three different versions of Meteor, Stardust, and Comet wipers into the victim’s network. Even though the group has not taken responsibility for the recent attack on Iran, the multiple similarities in tactics and […]
While SMS-based 2FA is also available, GitHub urges users to choose security keys or TOTPs wherever possible since SMS is less secure given that threat actors can bypass or steal SMS 2FA auth tokens.
The incident, which occurred in mid-August, marks another tactical swerve in the ever-shifting world of ransomware techniques and at least three companies have fallen victim to it.