A researcher from CyberArk demonstrated how a cheap device can be exploited to break into over 70% of Wi-Fi networks in one Tel Aviv community. According to researchers, the sniffing technique used in the experiment only works with routers supporting roaming features. Users should use complex passwords as well as turn off roaming when not […]
Kaspersky revealed two separate supply chain attacks by Lazarus Group aimed at an IT asset monitoring solution vendor, a South Korean think tank, and the defense industry. Hackers use a Racket downloader (signed with a stolen certificate) in the infection chain. Organizations must stay alert and focus on defense efforts against such threats.
A Chrome 95 update released by Google patches two actively exploited Chrome vulnerabilities, as well as flaws that were disclosed recently at Tianfu Cup, a Chinese hacking contest.
Ransomware infiltrated and compromised a core server at the department of finance last week, hampering the government’s access to foreign aid, its ability to pay cheques, and carry out other basic functions in the midst of a spiraling Covid-19 surge.
Twelve people have been targeted by an international law enforcement operation for involvement in over 1,800 ransomware attacks on critical infrastructure and large organizations around the world.
Apple has delivered a barrage of updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively exploited by attackers.
The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms. As per ESET, Hive’s new encryptors are still in development and still lack functionality.
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.
Cisco Talos warned against SquirrelWaffle malware that is spreading quickly via spam campaigns. Experts believe it has the potential to become the next big threat in the spam space. Hackers use the DocuSign signing platform as a lure to fool targeted users into enabling macros on their MS Office suite. Analysts suggest, Squirrelwaffle may be […]
Morphisec Labs has identified a new strain of ransomware, implemented in Go 1.17 and named DECAF. The first version, which includes symbols and test assertion, was identified in late September.