Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

DARKReading
Open in Source
#xss#vulnerability#web#mac#microsoft#java#php#backdoor#perl#zero_day
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The

Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: hong kong Tags: malware Tags: whatsapp Tags: telegram Ads on Google for popular communication apps are used as a lure to compromise the devices of people from Hong Kong. (Read more...) The post Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram appeared first on Malwarebytes Labs.

VMWare Aria Operations For Networks SSH Private Key Exposure

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

Israeli-Hamas Conflict Spells Opportunity for Online Scammers

As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Make API Management Less Scary for Your Organization

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they modernize. Transitioning from monolithic architectures to agile microservices empowers developers to make quick changes. Using

Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover up

1Password reports security incident after breach at Okta

Categories: News Tags: 1Password Tags: Okta Tags: HAR file Tags: session Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen. (Read more...) The post 1Password reports security incident after breach at Okta appeared first on Malwarebytes Labs.

Valve's 2FA Mandate for Game Developers Shows SMS Stickiness

Despite warnings that sending one-time passwords via text messages is a flawed security measure, companies continue to roll out the approach, especially in consumer-facing applications.