Month: May 2024

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate,” the company said in its latest Cyber Signals report. “We’ve seen some examples where the […]

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. “This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist,” the BlackBerry Research and Intelligence Team said in a technical report published earlier […]

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from […]

Video communications giant Zoom announced on Tuesday that post-quantum end-to-end encryption (E2EE) has been added to Zoom Workplace. The feature, which leverages the Kyber 768 key encapsulation method, is currently available worldwide in Zoom Meetings, with Zoom Phone and Zoom Rooms coming soon. Zoom claims it is the first unified communications-as-a-service company to offer a post-quantum E2EE […]

A critical vulnerability discovered recently in a Python package used by AI application developers can allow arbitrary code execution, putting systems and data at risk. The issue, discovered by researcher Patrick Peng (aka retr0reg), is tracked as CVE-2024-34359 and it has been dubbed Llama Drama. Cybersecurity firm Checkmarx on Thursday published a blog post describing the vulnerability and […]

Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing (voice phishing) attacks, Microsoft reports. Active since 2022 and believed to have hit over 500 organizations globally, Black Basta is a ransomware-as-a-service (RaaS) that likely received over $100 million in ransom payments from its victims. Last […]

When is a ‘Thank you’ not a ‘Thank you’? When it’s a sneaky bit of code that’s been hidden inside a ‘Thank You’ image that somebody posted in the comments section of a product page! The guilty secret hidden inside this particular piece of code was designed to let hackers bypass security controls and steal […]

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors’ attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department […]