Blog
New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices
Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS)...
Astrology Website WeMystic Exposes Over 13 Million User Records
The astrology and spiritual content platform WeMystic exposed the sensitive data of its users, including names, email addresses, and dates of birth, due to an open and passwordless MongoDB database.
Astrology Website WeMystic Exposes Over 13 Million User Records
The astrology and spiritual content platform WeMystic exposed the sensitive data of its users, including names, email addresses, and dates of birth, due to an open and passwordless MongoDB database.
Update: New Relic Admits Attack on Staging Systems, User Accounts
Web tracking and analytics company New Relic has disclosed a cyberattack on its staging systems, which were compromised in mid-November by an unauthorized actor using stolen credentials and social engineering.
Linux Version of Qilin Ransomware Focuses on VMware ESXi
The Linux encryptor includes extensive command-line options for customization, allowing threat actors to specify exclusion and encryption criteria, as well as configure virtual machines that should not be encrypted.
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively...
The Current State of Open RAN Security
The Open Radio Access Network (ORAN) architecture, while providing standardized interfaces and protocols, is vulnerable to attacks through malicious xApps that can compromise the entire RAN Intelligent Controller (RIC) subsystem.
US Man Jailed Eight Years for SIM Swapping and Apple Support Impersonation
The scams involved SIM swapping, social media account takeovers, Zelle payment fraud, and impersonating Apple Support personnel to steal money, NFTs, cryptocurrency, and other valuable digital property.
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198),...
DJvu ransomware Latest Variant Xaro Emerges in the Threat Landscape
A variant of the DJvu ransomware, named Xaro, has been identified in a campaign that leverages cracked software for distribution. Xaro is spread through an archive file masquerading as legitimate freeware. Organizations are advised to whitelist apps or sites to stay...
FREE GUIDE