Google enrolled millions of users in 2-step verification after announcing the effort last year, noting in a release that it caused “the number of accounts hijacked by password theft decrease by 50%.”
The pharmaceutical industry endured a major shift in the threat landscape compared to the early stages of the pandemic from March 2020 to September 2021 as cybercriminals made it a prime target.
Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge, Windows Codecs Library, Microsoft Dynamics, Microsoft Office, and others.
Cybercriminals have found a way to abuse text-based CSV files in a phishing campaign that pretends to be Payment Remittance Advice to install BazarBackdoor malware on users’ systems. In the past two days, researchers have spotted 102 actual non-sandbox corporations, along with government victims. Organizations are warned to stay aware of this threat and its […]
Microsoft shared new information on Gamaredon, also known as ACTINIUM, which has been responsible for a plethora of spear-phishing attacks against Ukrainian organizations since October 2021. One of the techniques used by Gamaredon was sending spear-phishing emails containing malicious macro as attachments that use remote templates.
Researchers have detected new activity of Roaming Mantis; attackers have modified the Android trojan Wroba to target Android and iPhone users in Germany and France to steal credentials. Germany and French officials have alerted users about smishing messages with package notifications and compromised websites being used as landing pages.
CVE-2021-38008 is a use-after-free vulnerability that triggers if the user opens a specially crafted web page in Chrome that could lead to the execution of remote code on the targeted machine.
Microsoft is temporarily disabling the MSIX ms-appinstaller protocol handler following evidence that a vulnerability in the installer component was exploited by attackers to deliver various malware.
A vulnerability in the CMS of cryptocurrency news site CoinDesk allowed hackers “to trade on nonpublic information ahead of the publication of at least one article,” according to the publication.
A politically motivated APT group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities.