Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 11

Apr 9, 2024

NSA Expert: Quantum Computing to Enter Workforce in 3 to 5 Years

Posted by in categories: cybercrime/malcode, government, quantum physics

A national security expert predicts practical quantum computing tools are just three to five years away from integration into the workforce, NextGov is reporting.

Neal Ziring, the Technical Director of the National Security Agency’s (NSA) Cybersecurity Directorate, made the forecast during a recent public sector cybersecurity event hosted by Palo Alto Networks in Palo Alto. As reported by NextGov, Ziring expects the devices to be accessible predominantly through cloud-based platforms.

Ziring added that the impracticality and cost-prohibitive nature of would put on-premise installations for quantum computing systems out of reach for most organizations, including government agencies.

Apr 8, 2024

Watch Out for ‘Latrodectus’ — This Malware Could Be In Your Inbox

Posted by in category: cybercrime/malcode

‘Latrodectus’ strikes via phishing emails. This powerful downloader can execute commands, evade detection, and pave the way for further attacks.

Apr 8, 2024

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

Posted by in category: cybercrime/malcode

Latin America targeted in new phishing attack. Emails contain malicious HTML files disguised as invoices.

Apr 8, 2024

Hackers deploy crypto drainers on thousands of WordPress sites

Posted by in categories: blockchains, cybercrime/malcode

Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds.

Website security firm Sucuri disclosed last month that hackers had compromised approximately 1,000 WordPress sites to promote crypto drainers, which they promoted via malvertising and YouTube videos.

It is believed that the threat actors were unsuccessful with their original campaign and began deploying news scripts on the compromised sites to turn visitors’ web browsers into tools for brute-forcing the admin passwords at other sites.

Apr 8, 2024

Notepad++ wants your help in “parasite website” shutdown

Posted by in category: cybercrime/malcode

The Notepad++ project is seeking the public’s help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project.

Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack.

Apr 4, 2024

New Latrodectus malware replaces IcedID in network breaches

Posted by in categories: cybercrime/malcode, finance

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.

The malware was spotted by researchers at Proofpoint and Team Cymru, who worked together to document its capabilities, which are still unstable and experimental.

IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan designed to steal financial information from infected computers. Over time, it became more sophisticated, adding evasion and command execution capabilities.

Apr 4, 2024

The Biggest Takeaways from Recent Malware Attacks

Posted by in categories: cybercrime/malcode, education

Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us.

Apr 4, 2024

Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack

Posted by in category: cybercrime/malcode

The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.

Microsoft believes that last May’s Exchange Online hack is linked to a threat actor known as ‘Storm-0558’ stealing an Azure signing key from an engineer’s laptop that was previously compromised by the hackers at an acquired company.

Storm-0558 is a cyberespionage actor affiliated with China that has been active for more than two decades targeting a wide range of organizations.

Apr 4, 2024

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

Posted by in category: cybercrime/malcode

A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.

LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms.

Researcher AmrAwad discovered the critical (CVSS score: 9.8) flaw, tracked as CVE-2024–2879, on March 25, 2024, and reported it to WordPress security firm Wordfence via its bug bounty program. For his responsible reporting, AmrAwad received a bounty of $5,500.

Apr 4, 2024

Google fixes one more Chrome zero-day exploited at Pwn2Own

Posted by in category: cybercrime/malcode

Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.

Tracked as CVE-2024–3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.

Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.

Page 11 of 212First89101112131415Last