Blog
Payment Card-Skimming Campaign Now Targeting Websites in North America
A Chinese-speaking threat actor known for skimming credit card numbers off e-commerce sites and point-of-sale service providers in the Asia/Pacific region for more than a year has begun aiming at similar targets in North and Latin America as well.
Live Webinar: Overcoming Generative AI Data Leakage Risks
As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner’s "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within...
Microsoft AI Research Division Leak 38TB of Private Data
Cloud security firm Wiz discovered the privacy snafu when it found the GitHub repository “robust-models-transfer,” which belonged to Microsoft’s AI research division, leaking sensitive internal information.
Over 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and...
New Hook Android Banking Trojan Expands on ERMAC’s Legacy
"All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also exist in Hook. The code implementation for these commands is nearly identical," NCC Group security researchers said.
Thousands of Juniper Devices Vulnerable to Unauthenticated RCE Flaw
Today, VulnCheck vulnerability researcher Jacob Baines released another PoC exploit that only utilizes CVE-2023-36845, bypassing the need to upload files while still achieving remote code execution.
Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
The CapraRAT mobile RAT hidden within these YouTube-themed apps gives the attacker control over various data on infected Android devices, including recording audio and video, collecting messages and call logs, and modifying files.
Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive...
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a...
Lazarus APT Stole Almost $240 Million in Crypto Assets Since June
According to a report by Elliptic, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including Atomic Wallet ($100m), CoinsPaid ($37.3M), Alphapo ($60M), and Stake.com ($41M).
FREE GUIDE