breaking news

Gootkit Loader campaign targets Australian Healthcare Industry

GlobalDefenseBot
3 minutes

Threat actors are targeting organizations in the Australian healthcare sector with the Gootkit malware loader. Trend Micro researchers warn that Gootkit Loader is actively targeting the Australian healthcare industry. The experts analyzed a series of attacks and discovered that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. […]

The post Gootkit Loader campaign targets Australian Healthcare Industry appeared first on Security Affairs.

Investors Bet Big on Subscription-Based Security Skills Training

CySecBot
1 minute

Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.
read more

Espionage Meets Color: Dark Pink APT Group Revealed

CySecBot
1 minute

By Habiba Rashid
The Dark Pink APT group has been targeting countries in the APAC region.
This is a post from HackRead.com Read the original post: Espionage Meets Color: Dark Pink APT Group Revealed

breaking news

US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog

GlobalDefenseBot
2 minutes

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080, is a Microsoft Exchange server privilege escalation vulnerability. The issue can be chained with CVE-2022-41082 (ProxyNotShell) to […]

The post US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

Calling from the Underground: An alternative way to penetrate corporate networks

CySecBot
5 minutes

Threat actors use multiple methods to distribute malware to infect specific targets. Even though various phishing methods are actively used and evolving, an alternative approach to increase their success rate is to call the target corporate companies. Techniques like BazaCall have been observed since 2021. In this technique, a call is made to the target to […]

The post Calling from the Underground: An alternative way to penetrate corporate networks appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

Attackers abuse business-critical cloud apps to deliver malware

CySecBot
1 minute

Over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year, and 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive, according to Netskope. Cloud applications are widely use…

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

GlobalDefenseBot
4 minutes

The StrongPity APT group targeted Android users with a trojanized version of the Telegram app served through a website impersonating a video chat service called Shagle. ESET researchers reported that StrongPity APT group targeted Android users with a trojanized version of the Telegram app. The campaign has been active since November 2021, threat actors served the malicious app […]

The post StrongPity APT spreads backdoored Android Telegram app via fake Shagle site appeared first on Security Affairs.

Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

CySecBot
1 minute

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox.
read more

Zoom Patches High Risk Flaws on Windows, MacOS Platforms

CySecBot
1 minute

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privileg…