Cybersecurity researchers have discovered a novel surveillance program that’s suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has…
A vulnerability in Microsoft’s Multi-Factor Authentication (MFA) system has left millions of accounts susceptible to unauthorized access. Exploited successfully, the flaw could allow attackers to bypass the second authentication layer and access services like Outlook, OneDrive, Teams and Azure Cloud.…
Dec 11, 2024Ravie LakshmananRansomware / Malware Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool…
Krispy Kreme has been hit by a cyber-incident which is disrupting operations including online orders, the firm has reported in a filing to the Securities and Exchange Commission (SEC). The US-based doughnut maker and coffeehouse chain admitted that the incident…
Dec 11, 2024Ravie LakshmananMalware / Cyber Espionage The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new…
A large-scale scam campaign impersonating UAE law enforcement and exploiting citizen trust has been uncovered by security researchers. The fraudulent scheme, which coincides with festive periods like the UAE National Day (Eid Al Etihad), involves cybercriminals deceiving victims into paying…
Dec 11, 2024Ravie LakshmananVulnerability / Authentication Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account. “The bypass was…
Russian state threat actor Secret Blizzard has leveraged resources and tools used by other cyber groups to support the Kremlin’s military efforts in Ukraine, according to Microsoft. These campaigns have consistently led to the download of Secret Blizzard’s custom malware…
Dec 11, 2024Ravie LakshmananMalware / Endpoint Security A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. “To exploit this…
A South Korean law enforcement operation has taken down a large-scale fraud network that extorted $6.3m from victims with fake online trading platforms that were sophisticatedly designed to steal money. Dubbed Operation Midas, this year-long task involved the Korean Financial…
All Rights Reserved. Kowatek Blog by IWUCHI
Home | About Us | Disclaimer | Privacy Policy | Contact Us
