Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a […]
ClickFix Spin-off Attack Bypasses Key Browser Safeguards
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware. […]
1 Year Later: Lessons Learned From the CrowdStrike Outage
The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues […]
Gamaredon Unleashes Six New Malware Tools for Stealth, Persistence, and Lateral Movement
Gamaredon, a Russia-aligned advanced persistent threat (APT) group attributed by Ukraine’s Security Service (SSU) to the FSB’s 18th Center of Information Security, has exclusively targeted […]
Chinese Student Charged in Mass Smishing Campaign to Steal Victims’ Personal Information
Ruichen Xiong, a student from China, has been sentenced to over a year in prison at Inner London Crown Court for orchestrating a large-scale smishing […]
Sixfold surge of ClickFix attacks threatens corporate defenses
Incidents of ClickFix — the social engineering attack technique that tricks users into executing malicious code — are skyrocketing. ClickFix attacks typically involve displaying a […]
Cybercriminals Use Malicious PDFs to Impersonate Microsoft, DocuSign, and Dropbox in Targeted Phishing Attacks
Cisco’s Talos security team has uncovered a surge in sophisticated phishing campaigns leveraging malicious PDF payloads to impersonate trusted brands like Microsoft, DocuSign, and Dropbox. […]
FileFix Attack Chain Enables Malicious Script Execution
By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them. ​The original […]
New macOS Malware Uses Process Injection and Remote Access to Steal Keychain Credentials
A sophisticated campaign by North Korean (DPRK)-aligned threat actors targeting Web3 and cryptocurrency businesses has been uncovered, showcasing an alarming evolution in macOS malware tactics. […]
Auf der Suche nach Alternativen zum CVE-Programm
Sollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger. Dave Hoeek – shutterstock.com Der jüngste kurze Panikausbruch wegen der möglichen Einstellung […]