Blog
Governments May Spy on You by Requesting Push Notifications from Apple and Google
Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts...
Building a Robust Threat Intelligence with Wazuh
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats,...
New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand
The deployment vector of Krasue is still unknown, but it is suspected to exploit vulnerabilities, use credential brute-force attacks, or be downloaded as part of a fake software package.
GST Invoice Billing Inventory App Exposes Sensitive Data to Threat Actors
The app, used by businesses for invoicing and financial management, had an open Firebase database containing user data such as phone numbers, emails, and addresses, as well as corporate data like names, invoice counts, and bank balances.
UK FCA Warns of Christmas Loan Fee Fraud Surge
Scammers are exploiting the need for loans for Christmas spending, leading to a surge in loan fee fraud – a type of scam where victims are promised loans they never receive, whilst being tricked into paying an upfront charge as a ‘deposit’ or ‘fee.’
ENISA Publishes Threat Landscape Report on DoS Attacks
The ENISA Threat Landscape for DoS Attacks report provides insights into the motivations, goals, and impacts of DoS attacks, highlighting the need for organizations to enhance their defenses and prepare prevention and remediation strategies.
New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a nocturnal female spirit of Southeast Asian folklore,...
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app...
East River Medical Notifies Over 605,000 Patients of Data Breach Affecting Their SSNs
The breach occurred between August 31, 2023, and September 20, 2023, prompting ERMI to secure its systems, involve law enforcement, and conduct an investigation with a cybersecurity firm.
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary...
FREE GUIDE