Monthly Archives: March 2023

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing...

27
Mar
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

In what’s a case of setting a thief to catch a thief, the U.K. National...

25
Mar
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with...

25
Mar
OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible...

25
Mar
Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index (PyPI) repository has been found to...

24
Mar
THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

Any app that can improve business operations is quickly added to the SaaS stack. However,...

24
Mar
GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH...

24
Mar
Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly...

24
Mar
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for...

24
Mar
IOTW: Dark web hacking forum shuts down after FBI arrests its top admin
March 24, 2023

BreachForums, a dark web hacking forum, has been shut down following the arrest of its...

Threat Report 24th March 2023
March 24, 2023

The NCSC’s threat report is drawn from recent open source reporting....

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

Google has stepped in to remove a bogus Chrome browser extension from the official Web...

23
Mar
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target...

23
Mar
2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial...

23
Mar
Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced...

23
Mar
Google suspends Pinduoduo app over malware concerns
March 23, 2023

The app has been suspended for failing to be compliant with Google’s policy...

German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics

German and South Korean government agencies have warned about cyber attacks mounted by a threat...

23
Mar
The new route for cyber security professional recognition
March 23, 2023

What the UK Cyber Security Council’s Chartership programme means for the CCP scheme and the...

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on...

22
Mar
ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled...

22
Mar
Lessons from a Scam Artist

What does a government scam, an IT support scam and a romance scam have in...

22
Mar
Preventing Insider Threats in Your Active Directory

Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With...

22
Mar
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

The NuGet repository is the target of a new “sophisticated and highly-malicious attack” aiming to infect .NET...

22
Mar
New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed...

22
Mar
BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum

In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an...

22
Mar
Leveraging NCSC’s national insight to strengthen the fight against mobile threats
March 22, 2023

Traced Mobile Security co-founder Benedict Jones describes how ‘NCSC for Startups’ helped evolve his business....

New ‘Bad Magic’ Cyber Threat Disrupt Ukraine’s Key Sectors Amid War

Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk,...

21
Mar
New ShellBot DDoS Malware Targeting Poorly Managed Linux Servers

Poorly managed Linux SSH servers are being targeted as part of a new campaign that...

21
Mar
The Best Defense Against Cyber Threats for Lean Security Teams

H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting...

21
Mar
From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most...

21
Mar