Category Security

Dec 17, 2024Ravie LakshmananNetwork Security / IoT Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of…

Dec 17, 2024Ravie LakshmananCyber Espionage / Mobile Security A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. “The Mask…

Over 200,000 YouTube creators and counting have been targeted by cybercriminals masquerading as big-name brands, in a newly discovered phishing campaign. The scammers send malicious emails with subject lines like “Collaboration Proposal” and “Marketing Opportunity,” in order to trick their…

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024,…

The Serbian government is using advanced mobile forensics products from Israeli surveillance firm Cellebrite to spy on journalists and environmental and civil rights activists, according to an Amnesty International report. Amnesty shared findings from its Security Lab showing the use…

Dec 16, 2024Ravie LakshmananCyber Threats / Weekly Recap This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a…

The State of Rhode Island has confirmed that its social services portal, the RIBridges system, has been subject to a major security threat. It is likely that cybercriminals have obtained files with personally identifiable information in the cyber-attack, Rhode Island’s…

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data from a…

Internet-exposed Human Machine Interfaces (HMIs) pose significant risks to the Water and Wastewater Systems (WWS) sector, according to a new fact sheet jointly released by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA). Titled…

Dec 16, 2024Ravie LakshmananMalvertising / Threat Intelligence Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign…