Native American Indian & Service-Disabled Veteran Owned Business

News and Events

RSS Cybersecurity

  • Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Provides December 7, 2021
    Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable
  • SolarWinds Hackers Targeting Government and Business Entities Worldwide December 7, 2021
    Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are […]
  • Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers December 7, 2021
    Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the malicious activities to a group […]
  • Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code December 7, 2021
    Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection […]
  • Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange December 7, 2021
    Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company noted that […]
  • Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets December 6, 2021
    Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing
  • Vulnerability Scanning Frequency Best Practices December 6, 2021
    So you've decided to set up a vulnerability scanning programme, great. That's one of the best ways to avoid data breaches. How often you should run your scans, though, isn't such a simple question. The answers aren't the same for every type of organization or every type of system you're scanning. This guide will help […]
  • 14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers December 6, 2021
    Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with […]
  • Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats December 6, 2021
    Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the
  • Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks December 4, 2021
    Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. "All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB […]
  • Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks December 4, 2021
    Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an […]
  • New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions December 4, 2021
    A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well […]
  • Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments December 3, 2021
    A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group […]
  • CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability December 3, 2021
    The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue relates to an unauthenticated, remote code […]
  • New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers December 3, 2021
    E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a […]
  • Why Everyone Needs to Take the Latest CISA Directive Seriously December 3, 2021
    Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the instance of the latest CISA directive, that would […]
  • Critical Bug in Mozilla’s NSS Crypto Library Potentially Affects Several Other Software December 3, 2021
    Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a heap […]
  • Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns December 3, 2021
    Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that bank of overlay attacks to capture sensitive […]
  • Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials December 2, 2021
    Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. "These people are at the center of critical communities for public debate," […]
  • Let there be light: Ensuring visibility across the entire API lifecycle December 2, 2021
    The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today's open ecosystem […]