An attack on critical infrastructure firms using Facebook ads is known as SYS01stealer
Cybersecurity experts have uncovered a new information stealer called SYS01stealer, which targets critical government infrastructure employees, manufacturing companies, and other sectors. Israeli cybersecurity firm Morphisec reports that the attack campaign aims to steal sensitive information, such as login data, cookies, and Facebook ad and business account information. The attackers lure victims into clicking on a
- Published in News
Mexican banks are being targeted by FiXS ATM malware
A new ATM malware strain called FiXS has been detected attacking Mexican banks since the beginning of February 2023. Latin American cybersecurity firm Metabase Q reported that the ATM malware is concealed within another program that appears to be non-malicious. FiXS is vendor-agnostic and can infect any teller
- Published in News
Users are vulnerable to command injection attacks due to a critical flaw in Cisco IP Phone Series
On March 1, 2023, Cisco released security updates for its IP Phone series 6800, 7800, 7900, and 8800 to address a critical command injection vulnerability (CVE-2023-20078) rated 9.8 on the CVSS scoring system. The flaw is in the web-based management interface, which does not properly validate user-supplied input, allowing an unauthenticated, remote attacker to inject
- Published in News
A zero-day vulnerability has been discovered in Apple’s iOS, iPadOS, macOS, and Safari
Apple has taken swift action to safeguard its users by releasing security updates for its various operating systems, including iOS, iPadOS, macOS, and Safari, to fix a critical zero-day vulnerability. The flaw, tracked as CVE-2023-23529, is a type confusion bug in the WebKit browser engine that could allow malicious actors to execute arbitrary code
- Published in News
The vulnerability of multiple document management systems has been exposed in an unprecedented manner
Eight unpatched security vulnerabilities have been found in open-source and freemium document management systems (DMS) offered by four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. These flaws were revealed by cybersecurity firm Rapid7 and allow a malicious actor to trick a user into saving a harmful document on the platform, and once indexed, the attacker can
- Published in News
Components and obfuscations of Gootkit malware continue to evolve
The actors responsible for the Gootkit malware have made significant modifications to their toolset, incorporating new components and obfuscations into their infection methods. The Google-owned cybersecurity firm, Mandiant, is keeping a close eye on the cluster of activity known as UNC2565 and has determined that the usage of the Gootkit malware is exclusive to this
- Published in News
1,700 spoof apps targeted over 11 million devices in massive ad fraud scheme
Researchers have successfully dismantled an extensive ad fraud scheme, known as VASTFLUX, that affected over 1,700 applications from 120 publishers and impacted around 11 million devices. According to fraud prevention firm HUMAN, VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack multiple invisible video ad
- Published in News
Cyberattacks launched against Ukraine by Gamaredon Group through Telegram
According to a report by the BlackBerry Research and Intelligence Team, the Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital attacks against Ukraine, utilizing the popular messaging app Telegram to target the country’s military and law enforcement sectors. The group, also known by various other names such as Actinium, Armageddon, Iron
- Published in News
Researchers discover 3 PyPI packages that spread malware to developer systems
An individual going by the name of Lolip0p has uploaded three malicious packages to the Python Package Index (PyPI) repository, which are designed to install malware on developer systems that download them. The packages, named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12), were uploaded by the author
- Published in News
An attacker targeted a CircleCI engineer’s laptop, causing a recent security incident
On Friday, DevOps platform CircleCI announced that it had experienced a data breach as a result of a “sophisticated attack” on December 16, 2022. The incident involved an employee’s laptop being compromised by unknown actors, who then used malware to steal the employee’s two-factor authentication-backed credentials to gain access to the company’s systems and data.
- Published in News