TA551 has been found targeting victims by email thread hijacking using a red-teaming toolkit and adversary simulation framework called Sliver. Experts revealed that the attackers have been using this technique since October 20. The use of open-source pentest tools is becoming more popular among cybercriminals.
A plan by the UK telecoms regulator to block scam calls from abroad could save consumers nearly £10m annually in money lost to phone fraudsters, according to a new study from Comparitech.
A recent investigation conducted by RiskIQ revealed that threat actors abused the Discord channel to deliver a total of 27 unique malware families. This included backdoors, password stealers, spyware, and trojans.
On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1, and tvOS 15.1, patching a total of 24 security vulnerabilities, including some critical flaws.
A new survey by Deloitte suggests the majority of US executives have encountered a cybersecurity incident, but this has not translated into the creation of incident response plans.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday published an advisory to inform organizations about these flaws and the availability of fixes.
A vulnerability, discovered by Hashcat’s lead developer Jens “atom” Steube, is at the heart of the attack. This bug can be exploited to retrieve PMKID hashes to crack network passwords.
It’s a tactic designed to scam people in the fastest way imaginable. The scammer makes a minimal effort: they send a message to potential victims on Steam or on services such as Discord.
Researchers at Texas A&M University and the University of Florida discovered Gummy Browsers, a new fingerprint-capturing and browser-spoofing attack. This attack technique can be leveraged to bypass 2FA on auth systems. While security analysts and experts will work toward addressing such threats, users must pay attention to suspicious activities in their digital profiles/accounts.
After Internet Explorer, Magnitude Exploit Kit has been observed infecting Chromium-based browsers running on Windows OS in a series of attacks. It abuses two flaws: the first one is a remote code execution issue and the other is a privilege escalation bug. Researchers recommend ensuring timely patches and software updates.