Signal App Refutes Alleged Zero-Day Flaw Amidst Security Debates
Signal, the renowned encrypted messaging app, has firmly pushed back against recent reports of an alleged zero-day vulnerability in its software. The company conducted a thorough investigation and stated that it found no concrete evidence to substantiate the claim. In a series of messages posted on social media platform X (formerly Twitter), Signal emphasized that
- Published in News
Persistent Cyber Campaign “Stayin’ Alive” Targets High-Profile Asian Government and Telecom Entities
In a noteworthy development, a cyber campaign known as “Stayin’ Alive” has been actively targeting prominent government and telecom organizations across Asia since 2021. The campaign, discovered by cybersecurity firm Check Point, is characterized by its deployment of basic backdoors and loaders to deliver more advanced malware in subsequent stages. Key targets of this campaign
- Published in News
CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
Ukraine, a nation that has been no stranger to cyber threats, is again in the spotlight. The Ukrainian Computer Emergency Response Team (CERT-UA) has recently reported a series of cyberattacks targeting the country’s telecommunications providers. This alarming development raises concerns about critical infrastructure security and underscores the need for robust cybersecurity measures. In this blog
- Published in News
Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
In a recent cybersecurity incident, Microsoft has shed light on a thwarted cyber attack, where hackers made an unsuccessful attempt to breach a cloud environment through an SQL Server instance. The assault kicked off with the exploitation of an SQL injection vulnerability present in a particular application. This initial breach granted unauthorized access and escalated
- Published in News
API Security Trends 2023 | Have Organizations Improved their Security Posture?
What are the APIs? known as application programming interfaces, are the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their applications. However, this increased reliance on APIs has also
- Published in News
After an OPSEC blunder, North Korean nation-state actors were exposed in the JumpCloud hack
North Korean nation-state actors linked to the Reconnaissance General Bureau (RGB) have been connected to the JumpCloud hack due to a security oversight that exposed their IP address. The threat intelligence firm Mandiant, owned by Google, attributes the activity to UNC4899, which has similarities with other groups known as Jade Sleet and TraderTraitor. These actors
- Published in News
The new malware ‘Letscall’ uses voice traffic routing to send audio
A warning has been issued regarding a sophisticated form of voice phishing (vishing) called “Letscall” that specifically targets individuals in South Korea. This advanced technique involves deceiving victims into downloading malicious apps from a fake Google Play Store website. Once installed, the malware redirects incoming calls to a call center operated by criminals who pose
- Published in News
A Mexican hacker uses Android malware to attack global banks
An e-crime actor, known as Neo_Net, has been identified as the perpetrator of an Android mobile malware campaign targeting global financial institutions, with a specific focus on Spanish and Chilean banks. The campaign, which occurred between June 2021 and April 2023, resulted in the theft of over 350,000 EUR and the compromise of Personally Identifiable
- Published in News
Diicot expands tactics with Cayosin Botnet, from crypto-jacking to DDoS attacks
Cybersecurity researchers have uncovered new information about the Romanian threat actor Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. Diicot, also known as Mexals, was initially discovered in July 2021 and was linked to a cryptojacking campaign. Recent analysis shows that Diicot is now using an off-the-shelf botnet agent called Cayosin, indicating its
- Published in News
More than 1,000 fake cryptocurrency sites trap users in bogus reward schemes
A large-scale cryptocurrency scam has been uncovered, involving over 1,000 fraudulent websites that have deceived users since January 2021. Trend Micro researchers have linked this scam to a Russian-speaking threat actor called “Impulse Team.” The scam operates through an advanced fee fraud scheme, where victims are tricked into believing they have won cryptocurrency rewards but
- Published in News