The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…
Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware…
Password management software firm LastPass disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. Then the attackers exploited a flaw in a third-party media software package to target the firm. “Our investigation has revealed that the threat actor…
The Defence Cyber Marvel 2 (DCM2) is the largest training exercise organised by the Army Cyber Association to allow personnel from across the Armed Forces to build their skills within the cyber and electromagnetic domain. This year, 750 cyber specialists have participated in the military cyberwarfare exercise. 34 teams from 11 countries, including India, Italy,…
Researchers at Horizon3 cybersecurity firm have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of…
The LockBit ransomware gang claims to have hacked Aguas do Porto, a Portuguese municipal water utility company, and is threatening to leak the stolen data. Aguas do Porto is a municipal water utility company that manages the full water cycle including water supply, and wastewater drainage. The company also manages public lighting and photovoltaic parks….
The City of Oakland disclosed last week a ransomware attack, the security breach began on February 8, 2023. In an abundance of caution, the City of Oakland has taken impacted systems offline, while they work to secure the impacted infrastructure. The Information Technology Department notified local authorities and launched an investigation into the incident to…
Ransomware attacks on critical infrastructure conducted by North Korea-linked hacker groups are used by the government of Pyongyang to fund its malicious cyber operations, U.S. and South Korean agencies warn. US CISA published a Cybersecurity Advisory (CSA) to provide information about the threat actors to network defenders. The joint CSA about ongoing ransomware activity against…
SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. The researchers observed the first ELF variant of the Clop ransomware targeting Linux systems on December 26,…
So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security strategy that covers all their bases. A robust strategy will be held up by a number of different tools and methodologies, including API management (APIM). In this article, we’re taking a…