A new variant of UpdateAgent macOS malware was tracked, indicating ongoing attempts on the part of its authors to upgrade its functionalities. The new dropper is a Swift-based executable, which masquerades as Mach-O binaries such as PDFCreator and ActiveDirectory. It is recommended to stay alert for suspicious behaviors of rogue apps downloaded from unknown sources.
Threat actors are abusing Discord’s CDN with the new SYK crypter designed to dodge behavior-based security controls while opening a gate to different malware families, such as AsyncRAT, NanoCore RAT, and more. The increasing number of people using the community chat platform has continued attracting cybercriminals.
VMware warned customers today to immediately patch a critical authentication bypass vulnerability “affecting local domain users” in multiple products that can be exploited to obtain admin privileges.
Such actions have created tension internally within the threat actor groups as it has caused dissension, and externally, as organizations fear being targeted due to the political nature of the war.
In a survey commissioned by Invicti, some 41% of the security professionals and 32% of the developers surveyed said they spend more than five hours each workday addressing security issues that should not have occurred in the first place.
ShadowServer is conducting daily scans of the IPv4 space on ports 443 and 6443, looking for IP addresses that respond with an HTTP 200 OK status, which indicates that the request has succeeded.
The merchant maritime sector functions with vessels that have been operational for anything from a few years to a few decades. The older vessels have had new technology added to improve efficiency through digitization and automation.
The alleged data leak involves information purportedly stolen from the National Registration Department (NRD). Local tech portal Amanz reported that the database, 160GB in size, is being sold for US$10,000 (S$13,846) on the dark web.
Cisco Talos revealed an ongoing campaign operated by the APT actor since August 2021. The campaign has been launched against an elite unit of the Bangladeshi government via spear-phishing emails.
The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility “sqlps.exe,” the tech giant said in a series of tweets.