AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns. Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders. Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI. This report demonstrates the need for constant alertness and zero t ..read more

The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Pollution. These vulnerabilities have been assigned with CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511. The severity of these vulnerabilities ranges from 6.5 (Medium) to 9.8 (Critical). While only one of these vulnerabilities has been patched, the other two remain and must be fixed by the Vendor.  MySQL2 Flaw Vulnerability According to the reports shared with Cyber Security News, the node-mysql2 library allows users to connect to the databa ..read more

This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany, Egypt, the U.K., Poland, the Philippines, Norway, and Japan. The threat actor behind this ongoing campaign has been identified as “CoralRaider, ” whose Tactics, Techniques, and Procedures (TTPs) overlap with the current campaign.  The threat actor’s previous campaigns, which included using a Windows Shortcut file, identical PowerShell Decryptor and Payload download scripts, and FoDHelper techniques for bypassing UAC (User Access Control) on the victim machine, are similar. CoralRaider Hacke ..read more

A new type of Remote Access Trojan (RAT) named Spyroid has been identified. This malicious software is specifically designed to infiltrate Android systems, stealing confidential data and compromising user privacy. What is Spyroid RAT? Spyroid RAT is a sophisticated malware that targets Android devices. Once installed, it grants cybercriminals unauthorized access to the device. This access allows them to steal sensitive information such as login credentials, financial data, and personal messages. The Trojan operates silently, making it difficult for users to detect its presence until it’s too l ..read more

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi. This discovery raises significant concerns about privacy and the integrity of data handling by public sector organizations. Data Collection Methods Silent Push’s investigation began with implementing three core ad tech standards—ads.txt, app-ads.txt, and sellers.json—into their data collection practices. These standards are crucial for transparency in digital advertising, providing clear information about which com ..read more

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration.  The behavior of a major RaaS group is puzzling, as the financial loss from the dispute seems insignificant compared to the reputational damage.  The disappearance of RaaS groups like BlackCat disrupts ransomware affiliates, forcing them to decide their next steps. Some may exit cybercrime entirely, while others may ..read more

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player. This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise. Potential Acquisition Details Sources close to the matter indicate that IBM could soon reach an agreement to acquire San Francisco-based HashiCorp. While the discussions are advanced, there remains a possibility that the talks could fall through without resulting in a deal. Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Down ..read more

The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals. These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies. The announcement underscores the gravity of cyber threats and the U.S. government’s commitment to countering such illegal activities. The indictment, unsealed in a Manhattan federal court, names Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab as the perpetrators behind a concerted effort to compromise the U.S. governmen ..read more

When cyber attacks strike, it’s rarely a single computer that suffers. Nowadays, cybercriminals set their sights on corporate networks, aiming to infiltrate and compromise multiple systems. But how do these bad actors manage to breach large networks? It all starts with a foothold. Whether through brute-force attacks on remote desktop protocols, exploiting vulnerabilities in public-facing applications, or cleverly crafted phishing emails that lure unsuspecting employees, cybercriminals find their way in. Once inside, they start their lateral movement—exploring the network, seeking out valuable ..read more

To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies. This decision underscores a broader initiative by the U.S. government to address the proliferation of spyware that threatens personal privacy, national security, and human rights. Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide Crackdown on Spyware Misuse Matthew Miller, the Department Spokesperson, revealed the new measures in a press statement d ..read more