SideWinder was observed using credential phishing pages copied from their victims’ webmail login pages and modified for phishing targets based in South Asian countries.
Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted messaging app considered safe from external snooping, it claimed in a blog post on Thursday.
Hewlett Packard Enterprise (HPE) has disclosed a zero-day flaw in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.
Of the 88 domain names publicly attributed to APT1, 28 remain active in the Domain Name System as of 4 December 2020. Of the remaining 23 APT1 domain IoCs, 19 were cited as “malicious” by VirusTotal.
Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests for the discovered flaws.
GDPR was enacted in 2018, but the Twitter case is the first using a new dispute resolution system under which one lead national regulator makes a decision before consulting with other EU regulators.
Newly discovered Windows info-stealing malware linked to an active threat group tracked as AridViper shows signs that it might be used to infect computers running Linux and macOS.
The Ransomware-as-a-Service (RaaS) and affiliate program deploys MountLocker widely across corporate networks, seeking multimillion-dollar payments for decryption services.
The operators behind Operation StealthyTrident have launched supply-chain attacks against hundreds of Mongolian government agencies by exploiting legitimate software called Able Desktop.
The campaign has targeted consulting, technology, telecom, and other entities such as multiple federal government agencies, including the US Treasury and Commerce departments.