Black Hat USA: Startup breaks secrets management tools
A total of 14 common vulnerabilities and exposures (CVEs) spanning CyberArk’s Conjur and HashiCorp’s Vault enterprise secrets management platforms have been addressed and disclosed this…
Author: Cybernoz
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users,…
Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign
A new report from cybersecurity firm SecAlliance has revealed a highly organized criminal operation run by Chinese syndicates that may have compromised as many as…
Breaking Down Data Silos in the Age of AI: How Hitachi Vantara Sees The A/NZ Opportunity Evolving
Data volumes are exploding and while this provides an unprecedented opportunity for organisations to leverage and benefit from AI, it’s also a challenge of an…
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new…
Health expands cloud footprint with $32m Azure deal
The Department of Health, Disability and Ageing is scaling up its cloud capabilities with a $32 million contract for Microsoft Azure services. The three-year deal…
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target…
Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities
The Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and…
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official…
Sophisticated DevilsTongue Windows Spyware Tracking Users Globally
The emergence of DevilsTongue marks a significant escalation in mercenary spyware capabilities, leveraging advanced Windows-based techniques to infiltrate high-value targets worldwide. First observed in campaigns…
Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets
SentinelLABS has exposed a sophisticated series of cryptocurrency scams where threat actors distribute malicious smart contracts masquerading as automated trading bots, resulting in the drainage…
US still prioritizing zero-trust migration to limit hacks’ damage
Listen to the article 4 min This audio is auto-generated. Please let us know if you have feedback. LAS VEGAS — The U.S. government is still…