EU Authorities Deal Blow to RagnarLocker Ransomware Operations
Law enforcement agencies throughout Europe and the United States took a big swing at the notorious RagnaLocker ransomware group, arresting a malware developer, seizing parts of its infrastructure, and shutting down negotiations and leak sites on the Tor network. During the operation, which stretched over the last four days and ... Read More
U.S. Seizes Money, Domains Involved In North Korea IT Worker Scam
U.S. law enforcement agencies over the past year seized 17 web domains and almost $1.5 million as part of an ongoing effort to shut down a North Korean program to plant IT workers from the country in organizations around the world to steal money and information. The U.S. Justice Department ... Read More
Use of QR Codes in Phishing Campaigns is on the Rise
QR codes are quickly becoming a favorite tool of bad actors looking to launch phishing attacks, with one cybersecurity vendor saying the strategy appeared in 22% of phishing campaigns it detected in the first weeks of October. The numbers collected by Hoxhunt feed into the growing amount of data detailing ... Read More
Google Enhances Play Protect to Defend Against Polymorphic Malware
Google is strengthening its Google Play Protect tool with new real-time scanning features that aim to deal with the growing challenge of malicious apps that use polymorphic malware to evade detection. The new capabilities enable Play Protect to scan in real time apps that have never been scanned before and ... Read More
Spoofed Rocket Alert App Targets Israeli Android Users with Spyware
As violence and protests spread in the chaotic war between Israel and Hamas, evidence of the parallel battle going on in cyberspace continue to emerge. It started almost immediately after the initial bloody incursion by Hamas fighters into southern Israel October 7, with cybersecurity experts detecting multiple threat groups launching ... Read More
Digital Identity Firms Being Bolstered by Investments
Investment money is flowing into a fast-growing digital identity solutions market that is being fueled by the ongoing increase in data breaches launched via identity scams, a government focus on the issue, and the fallout from the COVID-19 pandemic. “The impact of the pandemic on the digital identity market cannot ... Read More
CISA and FBI to Network Admins: Patch Atlassian Confluence Now
Federal security agencies are urging network administrators to immediately patch Atlassian Confluence servers to protect against a critical security flaw that is being exploited by cybercriminals. The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Multi-State Information Sharing and Analysis Center (MS-ISAC) this week issued an advisory saying that the ... Read More
EPA Withdraws Cybersecurity Requirements for Water Systems
The Environmental Protection Agency in March ordered states to begin assessing the cybersecurity of their public water systems, a part of the Biden Administration’s multi-pronged effort to shore up the protections around the country’s critical infrastructure operations. Seven months later, the agency is withdrawing the order in the wake of ... Read More
RomCom Malware Group Targets EU Gender Equality Summit
A hacker group that continues to extend its reach from financially motivated attacks into cyber-espionage this summer targeted attendees of a gender equality conference with a pared-down version of the RomCom remote access trojan (RAT). Void Rabisu – also known as Tropical Scorpius, Storm-0978, and UNC2596 – in August leveraged ... Read More
Microsoft Launches an AI Bug Bounty Program
As Microsoft aggressively integrates AI into its broad portfolio of products and services, the IT giant now is looking for help to ensure they are free of vulnerabilities. The company this month unveiled a new bug bounty program that will pay between $2,000 and $15,000 for flaws found in its ... Read More
