Cybercriminals are using last week’s CrowdStrike outage as a vehicle for social engineering attacks against the security vendor’s customers. In the hours after the event that grounded planes, shuttered stores, closed down medical facilities, and more, national cybersecurity agencies in the US, UK, Canada, and Australia all reported follow-on phishing activity by petty criminals. That…
Malicious actors are targeting users of a mobile currency game by using fake Android and Windows software that installs spyware and other malware. Hamster Kombat launched in March and already has more than 250 million users, likely due to the promises of winning TON-based cryptocurrency. The game is for Android users, who can earn in-game…
As organizations continue to fortify their cybersecurity strategies in response to an ever-evolving threat landscape, many are turning to Zero Trust architectures to safeguard their data. However, implementing Zero Trust is not without its challenges. According to a new strategy guide from the SANS Institute, “Navigating the Path to a State of Zero Trust in…
A 40-year-old Australian Defence Force (ADF) army private and her 62-year-old husband have been arrested and charged with spying for Russia, as part of a sting operation named BURGAZADA. The pair, Kira and Igor Korolev, have lived in Australia for more than a decade and were arrested at home in Brisbane on July 11. Each…
Akira ransomware actors are now capable of squirreling away data from victims in just over two hours, marking a significant shift in the average time it takes for a cybercriminal to move from initial access to information exfiltration. That’s the word from the BlackBerry Threat Research and Intelligence Team, which today released a breakdown of…
The Justice Department has announced the seizure of two domain names as well as nearly 1,000 social media accounts used by Russian actors to create and spread disinformation in the United States. US agencies including the FBI and Cyber National Mission Force (CNMF), alongside agencies in Canada and the Netherlands, released a joint advisory detailing…
Once again, cyberattackers are targeting JavaScript developers — this time in a “complex and persistent supply chain attack” that’s distributing Trojanized packages for the popular JavaScript library jQuery across GitHub, Node Package Manager (npm), and jsDelivr repositories. Each package contains a copy of jQuery with one small difference: the end function, a part of the…
The mad dash to the cloud a few years back left many organizations scrambling to understand the true implications of this technological shift. Fueled by promises of scalability and cost savings, many companies jumped on board without fully comprehending key details. For example, many were asking how secure their data was in the cloud, who…
Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an…
Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations’ cybersecurity investments and governance priorities are keeping up with the evolving threat landscape. Based on an independent Ponemon Institute survey, the report reveals a 59% increase in cyber budgets year-over-year. Additionally, 63% of organizations with…
CrowdStrike ‘Updates’ Deliver Malware & More as Attacks Snowball
