Zeljka Zorz
Fake subscription invoices lead to corporate data theft and extortion
A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. …
Google seeks to make Cobalt Strike useless to attackers
Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by …
Electronics repair technicians snoop on your data
When your computer or smartphone needs repairing, can you trust repair technicians not to access or steal your personal data? According to the results of a recent research by …
SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability …
Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are …
Photos: IRISSCON 2022
IRISSCON, the annual cyber crime-themed conference organized by the Irish Reporting and Information Security Service (IRISS), was held in Dublin, Ireland on Thursday, November …
Microsoft fixes many zero-days under attack
November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and …
Malicious droppers on Google Play deliver banking malware to victims
Android users are often advised to get mobile apps from Google Play, the company’s official app marketplace, to minimize the possibility of downloading malware. After …
Medibank won’t pay the ransom for data stolen in breach
Australian health insurance provider Medibank has announced it won’t be paying the ransom to the criminal(s) who stole data of 9.7 million of its current and former …
Attackers leverage Microsoft Dynamics 365 to phish users
Attackers are abusing Microsoft Dynamics 365 Customer Voice to evade email filters and deliver phishing emails into Microsoft users’ inboxes, Avanan researchers are …
130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn’t worry because the attackers did not gain access to anyone’s Dropbox account, password, or payment information. …
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the …