Arab Security Consultants Archives - Arab Security Consultants

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

Wednesday, 30 April 2025 by Ayman Hamam

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the

Published in News

Tagged under: Arab Security Consultants, ASC, C++ spyware., Citizen Lab, cyber attacks, Cyber espionage, digital repression, malware campaign, spear-phishing, State-Sponsored Attacks, transnational repression, Uyghur surveillance, UyghurEdit++

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

Thursday, 17 April 2025 by Ayman Hamam

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces,

Published in News

Tagged under: Arab Security Consultants, ASC, cryptocurrency hacking, Cyber espionage, developer-targeted attacks, Jade Sleet, LinkedIn malware campaigns, macOS Malware, North Korea cyber threats, RN Loader, RN Stealer, Slow Pisces

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Tuesday, 04 February 2025 by Ayman Hamam

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled

Published in News

Tagged under: Arab Security Consultants, ASC, business email compromise, credential theft, cybercrime takedown, cybercriminal networks, HeartSender, law enforcement action, online fraud, Operation Heart Blocker, phishing marketplaces, Saim Raza

Do We Really Need The OWASP NHI Top 10?

Tuesday, 28 January 2025 by Ayman Hamam

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents

Published in News

Tagged under: API Key Risks, Arab Security Consultants, ASC, Cybersecurity Framework, IAM Roles, Machine Credentials, NHI Vulnerabilities, Non-Human Identity Security, OAuth Security, OWASP NHI Top 10, secrets management, Service Account Security

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Tuesday, 21 January 2025 by Ayman Hamam

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named SocGholish (aka FakeUpdates), which

Published in News

Tagged under: Arab Security Consultants, ASC, AWS S3 ransomware, Black Basta techniques, C2 tunnel, Codefinger threat actor, Cybersecurity Threats, EDRSilencer, endpoint detection bypass, Lateral Movement, network compromise, phishing campaigns, ransomware attacks, ransomware deployment, SocGholish malware, tags ChatGPT said: ChatGPT Python-based backdoor

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

Wednesday, 17 July 2024 by Ayman Hamam

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024.

Published in Uncategorized

Tagged under: Arab Security Consultants, ASC, Authentication, cyberSecurity, DigitalTokens, FinancialFraudPrevention, OnlineBankingSecurity, PhishingPrevention, SingaporeBanking

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Sunday, 07 July 2024 by Ayman Hamam

Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals use advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don’t be caught off guard. Join us for a groundbreaking webinar that will change how you approach cybersecurity. Gain

Published in News

Tagged under: Arab Security Consultants, ASC, Cyber Attack Prevention., cybersecurity trends., Cybersecurity Webinar, Digital Identity Protection, Identity Security, Identity Threat Detection, ITDR, ITDR Solutions, Ransomware Defense

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

Tuesday, 25 June 2024 by Ayman Hamam

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future’s Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates in Fuzhou, China, to support Beijing’s intelligence

Published in News

Tagged under: academic cyber attacks, Arab Security Consultants, ASC, China-linked threat actor, Cyber espionage, Cyber Security, cyber threat analysis, diplomatic espionage, intelligence collection, RedJuliett, Taiwan government hacking, technology sector threats

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Monday, 03 June 2024 by Ayman Hamam

Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. “We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory. Spaces offers a way for users to create, host, and share AI and machine learning (ML) applications. It also

Published in News

Tagged under: AI app secrets, AI security breach, AIaaS providers, Arab Security Consultants, ASC, cyberSecurity, data protection, Hugging Face, security advisory, Spaces platform, token refresh, unauthorized access.

Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

Wednesday, 29 May 2024 by Ayman Hamam

Cybersecurity researchers have discovered a critical security flaw in artificial intelligence (AI)-)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate’s platform customers,” cloud security firm Wiz said in a report

Published in News

Tagged under: AI security, AI-as-a-service, Arab Security Consultants, ASC, cross-tenant attacks, Cyber Security News, cyberSecurity, Hacker News, proprietary AI models, remote code execution, Replicate vulnerability, sensitive information

Tag: Arab Security Consultants