-
Mar 26, 2023
A new ransomware operation called Dark Power has surfaced, targeting organisations around the world and demanding relatively small ransom payments of $10,000. According to a recent report from cybersecurity firm Trellix, the ransomware uses the Nim programming language, making it… read more »
-
Mar 24, 2023
The US Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the “Untitled Goose Tool”, this Python-based utility can download telemetry information… read more »
-
Mar 22, 2023
Google has released a warning that certain Android phones may be remotely hacked without the need for the victim to interact with anything. The attack can allow a remote user access to call information and text messages being transmitted via… read more »
-
Mar 21, 2023
Chaos Engineering is a practice that aims to identify potential issues and vulnerabilities in a system by deliberately introducing controlled failures. The goal is to expose weaknesses before they cause significant damage in a real-world scenario. Advances in large-scale, distributed… read more »
-
Mar 20, 2023
Security researchers David Buchanan and Simon Aarons have discovered a serious vulnerability in Google Markup, the screenshot editing tool available on Pixel devices. The bug, dubbed “aCropalypse”, allows certain parts of the image to be restored, potentially exposing sensitive information.… read more »
-
Mar 15, 2023
CrowdStrike has discovered a cryptojacking campaign targeting Kubernetes infrastructure, believed to be the first Dero cryptojacking operation. Dero is a private, decentralised application platform that offers enhanced privacy and anonymity compared to other cryptocurrencies. The attack targets Kubernetes clusters exposed… read more »
-
Mar 15, 2023
Microsoft has released 80 security patches for its March 2023 Patch Tuesday rollout. The patches include 9 Critical, 70 Important, and 1 Moderate vulnerabilities. Additionally, there are two actively exploited zero-day vulnerabilities: a Critical elevation of privilege within Microsoft Outlook… read more »
-
Mar 14, 2023
Researchers at Palo Alto Networks Unit 42 have discovered a new malware called GoBruteforcer, written in Golang and targeting web servers running phpMyAdmin, MySQL, FTP and Postgres. The malware scans Classless Inter-Domain Routing (CIDR) blocks and brute-force passwords using a… read more »