API-Security-Trends-2023–Have-Organizations-Improved-their-Security-Posture?

API Security Trends 2023 | Have Organizations Improved their Security Posture?

What are the APIs? known as application programming interfaces, are the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their applications. However, this increased reliance on APIs has also

After an OPSEC blunder, North Korean nation-state actors were exposed in the JumpCloud hack

North Korean nation-state actors linked to the Reconnaissance General Bureau (RGB) have been connected to the JumpCloud hack due to a security oversight that exposed their IP address. The threat intelligence firm Mandiant, owned by Google, attributes the activity to UNC4899, which has similarities with other groups known as Jade Sleet and TraderTraitor. These actors

The new malware ‘Letscall’ uses voice traffic routing to send audio

A warning has been issued regarding a sophisticated form of voice phishing (vishing) called “Letscall” that specifically targets individuals in South Korea. This advanced technique involves deceiving victims into downloading malicious apps from a fake Google Play Store website. Once installed, the malware redirects incoming calls to a call center operated by criminals who pose

Tagged under: ,

A Mexican hacker uses Android malware to attack global banks

An e-crime actor, known as Neo_Net, has been identified as the perpetrator of an Android mobile malware campaign targeting global financial institutions, with a specific focus on Spanish and Chilean banks. The campaign, which occurred between June 2021 and April 2023, resulted in the theft of over 350,000 EUR and the compromise of Personally Identifiable

Tagged under:

Diicot expands tactics with Cayosin Botnet, from crypto-jacking to DDoS attacks

Cybersecurity researchers have uncovered new information about the Romanian threat actor Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. Diicot, also known as Mexals, was initially discovered in July 2021 and was linked to a cryptojacking campaign. Recent analysis shows that Diicot is now using an off-the-shelf botnet agent called Cayosin, indicating its

Tagged under:

More than 1,000 fake cryptocurrency sites trap users in bogus reward schemes

A large-scale cryptocurrency scam has been uncovered, involving over 1,000 fraudulent websites that have deceived users since January 2021. Trend Micro researchers have linked this scam to a Russian-speaking threat actor called “Impulse Team.” The scam operates through an advanced fee fraud scheme, where victims are tricked into believing they have won cryptocurrency rewards but

Tagged under: ,

Cryptocurrency is stolen through a new malware campaign using Satacom Downloader

A recent malware campaign has been discovered that utilizes the Satacom downloader to distribute stealthy malware for cryptocurrency theft. The malware aims to steal BTC from victims’ accounts by injecting malicious code into targeted cryptocurrency websites. The campaign primarily targets users of popular cryptocurrency platforms such as Coinbase, Bybit, KuCoin, Huobi, and Binance, with a

Tagged under: ,

Millions of WordPress sites are affected by an urgent WordPress update that fixes a critical flaw in the Jetpack plugin

WordPress Releases Automatic Update to Fix Critical Jetpack Plugin Vulnerability WordPress has taken immediate action to address a critical flaw in the widely used Jetpack plugin, which is installed on over five million websites. The automatic update was prompted by the discovery of a vulnerability during an internal security audit. The flaw stems from an

Tagged under:

Stealthy Bandit Stealer: A New Malware Targeting Web Browsers and Cryptocurrency Wallets

A sophisticated and stealthy information-stealing malware called Bandit Stealer has recently emerged, posing a significant threat to web browsers and cryptocurrency wallets. Trend Micro, a leading cybersecurity company, highlighted the malware’s capability to potentially expand to other platforms due to its development using the Go programming language. Currently, Bandit Stealer primarily focuses on Windows systems,

Tagged under: ,

Critical OAuth Vulnerability in Expo Framework Raises Account Hijacking Concerns

A significant security vulnerability has been exposed in the Open Authorization (OAuth) implementation of Expo.io, a popular application development framework. Assigned the CVE identifier CVE-2023-28131, this vulnerability carries a high severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs has reported that the flaw leaves services utilizing the Expo framework

Tagged under: