Security News

The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts. AvosLocker ransomware affiliates are known to use legitimate software and open-source code for remote system administration to compromise and exfiltrate data from enterprise networks.

A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of...

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds. Starting February 1st, 2024, Google will require senders dispatching over 5,000 messages daily to Gmail accounts to set up SPF/DKIM and DMARC email authentication for their domains to strengthen defenses against email spoofing and phishing attempts.

Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer...

Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023. "Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments," the Microsoft Threat Intelligence team said.

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. Plus, 57% of respondents feel traditional security solutions, including web application firewalls, can't effectively distinguish genuine from fraudulent API activity.

Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year. "Multiple North Korean threat actors have recently targeted the Russian government and defense industry - likely for intelligence collection - while simultaneously providing material support for Russia in its war on Ukraine," said Clint Watts, the head of Microsoft's Digital Threat Analysis Center.

In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in what researchers described as a reconnaissance attack. The website's affiliation with contract proposals suggests that the attackers might be seeking publicly accessible information about military requisites or trying to find information on Defense Industrial Base-affiliated organizations.

Apple last year introduced a security feature called App Management that's designed to prevent one application from modifying another without authorization under macOS Ventura - but a developer claims it's not very good at its job under some circumstances. "If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps," explained Justin Sagurton of Apple's privacy engineering team, in a video presentation at the fruity computer seller's 2022 Worldwide Developers Conference.

The defense sector in Ukraine and Eastern Europe has been targeted by a novel. NET-based backdoor called DeliveryCheck that's capable of delivering next-stage payloads.