On Monday, Google said that it’s suing a threat actor who has been tracked operating fraudulent websites to dupe people into buying puppies that don’t exist. “The actor used a network of fraudulent websites that claimed to sell basset hound…
Unprotected API could expose names, places, times of bookings made using app An open-source scheduling platform has an access control vulnerability. Unauthenticated attackers had easy access to personally identifiable information (PII) thanks to Easy!Appointments, according to a security researcher. The…
Egress reports that 56% of IT leaders say their non-technical staff are partially prepared or not at all prepared for a security attack. A survey of 600 hundred IT security leaders from several industries regarding organisations’ security posture in a…
FFDroider and Lightning Stealer are two different information-stealing malwares that are capable of syphoning data and initiating subsequent attacks, according to cybersecurity analysts. In a paper published last week, Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar stated, “Designed to…
Cado Security researchers claim to have identified the first publicly known malware targeted against Amazon Web Services’ serverless computing technology, AWS Lambda, indicating a new cloud vulnerability that organisations should be aware of. “Because serverless is such a new technology,…
Hackers are distributing fake shopping apps to steal Malaysian users’ banking information. Since at least November 2021, threat actors have been distributing malicious applications disguised as seemingly harmless shopping apps to target customers of eight Malaysian banks. The attacks involved…
A new malware targeting Amazon Web Services (AWS) Lambda serverless computing platform has been detected. Called “Denonia,” after the name of the domain it communicates with, “the malware uses newer address resolution techniques for command and control traffic to evade…
The Hive ransomware group has adopted a new obfuscation technique to evade detection. The technique involves IPv4 addresses and a series of conversions leading to the download of the Cobalt Strike Beacon. The Technique of IPfuscation Sentinel Labs researchers discovered…
A new WhatsApp phishing campaign has been detected, posing as WhatsApp’s voice message function and attempting to deliver malware to at least 27,655 email addresses. The goal of this phishing effort is to lead the recipient through a sequence of…
Cybersecurity researchers have thoroughly reported a “simple but efficient” persistence method used by a relatively new malware loader called “Colibri.” Colibri has been put to use as a windows information stealer known as Vidar in an attack campaign. “The attack…
