Blog
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google...
US Agencies Release Security Guidance on Managing SBOMs and Open Source Software
The report provides guidance on open source software adoption, including criteria for selection, risk assessment, licensing, export control, maintenance, vulnerability response, and secure software delivery.
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom,...
Are We Ready to Give Up on Security Awareness Training?
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with...
CISA Urges Manufacturers to Eliminate Default Passwords to Thwart Cyber Threats
Manufacturers are advised to follow Secure by Design principles, provide unique setup passwords or disable them after a preset time period, and implement phishing-resistant multi-factor authentication methods to mitigate these risks.
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the...
Iran Hit by Major Cyberattack Targeting Nation’s Fuel Supply
Gas stations in Iran experienced widespread disruptions due to a cyberattack claimed by the group Predatory Sparrow, which has previously targeted Iranian critical infrastructure.
What the SEC Weighed in Finalizing the Cyber Disclosure Rules
The SEC does not aim to manage security but wants better disclosures. The final rule requires the disclosure of material cybersecurity incidents, but does not require specific technical details to avoid providing a roadmap for future attacks.
xorbot: A Stealthy Botnet Family That Defies Detection
Xorbot utilizes encryption and decryption algorithms, borrowed from the Mirai source code, to encrypt communication with its command and control server and store sensitive information.
Researchers Disclose Zero-Click Exploit for Microsoft Outlook
The vulnerabilities, CVE-2023-35384 and CVE-2023-36710, allow an attacker to bypass security measures and execute code on a victim's machine by tricking Outlook into downloading a specially crafted sound file.