Blog
New Scam Involving Remote Jobs on Social Media Platforms
Researchers at Bitdefender Labs have uncovered a new scam involving remote jobs on social media platforms. Scammers are promising payment for simply liking YouTube videos.
Behind the Scenes of Matveev’s Ransomware Empire: Tactics and Team
Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the...
Ransomware Attack on Westpole Disrupted Digital Services for Italian Public Administration
One of Westpole's customers, PA Digitale, which serves 1300 public administrations including 540 municipalities, was targeted. The incident has led to manual operations for some services and may affect salary payments.
Xfinity Discloses Massive Data Breach Affecting Over 35 Million People
The breach occurred after attackers exploited a critical vulnerability, known as Citrix Bleed, that had been actively exploited as a zero-day since August 2023. The company has asked users to reset their passwords.
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google...
US Agencies Release Security Guidance on Managing SBOMs and Open Source Software
The report provides guidance on open source software adoption, including criteria for selection, risk assessment, licensing, export control, maintenance, vulnerability response, and secure software delivery.
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom,...
Are We Ready to Give Up on Security Awareness Training?
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with...
CISA Urges Manufacturers to Eliminate Default Passwords to Thwart Cyber Threats
Manufacturers are advised to follow Secure by Design principles, provide unique setup passwords or disable them after a preset time period, and implement phishing-resistant multi-factor authentication methods to mitigate these risks.
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the...
FREE GUIDE