Security News

A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign is named after the '' error seen transmitted by a remote access malware when uploading stolen data to the threat actor's servers.

Hackers breached Zacks Investment Research company last year and gained access to personal and sensitive information belonging to 820,000 customers. Founded in 1978, the company helps investors with stock buying decisions by using advanced financial data analytics algorithms.

Vulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. The chart below suggests that even Critical Vulnerabilities are taking around 6 months on average to resolve, but that is encouragingly at least 36% faster than the time for low-severity issues.

Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and techniques used by different groups of cybercriminals, as well as potential links between seemingly unrelated attacks.

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies - open-source code packages that developers do not select, but are indirectly pulled into projects.

Chinese president Xi Jinping has opened the 20th Congress of the Chinese Communist Party with a call for the nation he leads to win the race for development of "Core technologies" and to become self-reliant in strategic tech. In his Sunday speech he spoke of innovation being focused on national strategic requirements - therefore led by the State - and linked the development and implementation of information technology to national security.

Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers APT42, Charming Kitten, and Phosphorus.

China has accused the U.S. National Security Agency of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre disclosed its findings last week, and accused the Office of Tailored Access Operations at the USA's National Security Agency of orchestrating thousands of attacks against the entities located within the country.

China has accused the United States of a savage cyber-attack on a university famed for conducting aerospace research and linked to China's military. The National Computer Virus Emergency Response Centre made its accusation on September 5th, claiming that the Office of Tailored Access Operation at the USA's National Security Agency has unleashed over 10,000 attacks in China, some using zero-day exploits, and lifted 140GB of "High value data".

The enterprise-grade Titan M security chip was custom built to help protect data. Derived from the same chip Google uses to protect its cloud data centers, it handles processes and information, such as passcode protection, encryption, and secure transactions in apps.