Cybersecurity analysts have recently identified a new malware strain dubbed “Raindrop” as part of the SolarWinds supply chain attack, a significant breach that was uncovered late last year. This fourth strain adds to the existing suite of malicious tools, including Sunspot, Sunburst (also referred to as Solorigate), and Teardrop, all…
A major phishing campaign has recently been identified, targeting businesses worldwide and successfully circumventing Microsoft Office 365’s Advanced Threat Protection (ATP). This offensive has reportedly led to the credentials of over a thousand corporate employees being compromised, with origins traced back to August of the previous year. According to a…
On Wednesday, Microsoft provided additional insights into the methodologies employed by the attackers behind the SolarWinds breach, one of the most intricate cybersecurity incidents in recent history. This deeper understanding is crucial as cybersecurity firms endeavor to gain a more definitive grasp of the attack’s sophisticated nature. Describing the attackers…
Flock Surveillance Systems Expose Data Handling Practices Flock, a provider of automatic license plate reading and AI-driven camera technologies, has come under scrutiny following revelations about its reliance on overseas workers from Upwork for training its machine learning algorithms. Internal documents, inadvertently disclosed, reveal that these workers review and categorize…
A new cryptomining malware, identified as MrbMiner, has emerged, having compromised thousands of Microsoft SQL Server (MSSQL) databases since its discovery last year. This malware has been traced back to a small software development firm in Iran, following a lapse in operational security that inadvertently revealed the company’s name within…
Coupang, the largest e-commerce platform in South Korea, has reported a significant data breach that impacts nearly its entire domestic user base. The breach has affected over 33.7 million customers, exposing sensitive information such as names, phone numbers, email addresses, physical addresses, and user order histories. The company first identified…
SonicWall, a leading provider in internet security solutions such as firewalls and VPNs, recently acknowledged that it has been targeted in a sophisticated cyberattack affecting its internal infrastructure. The San Jose-based firm reported that the intrusion exploited zero-day vulnerabilities associated with its secure remote access offerings, specifically the NetExtender VPN…
On Monday, Google revealed a sophisticated cyber campaign orchestrated by a North Korean state-sponsored group aimed at security researchers involved in vulnerability research and development. This latest information highlights the increasing threat posed by adversaries adept at manipulating credible sources in the cybersecurity community. The Threat Analysis Group (TAG) at…
Cybersecurity experts have revealed a recently patched vulnerability within TikTok that could have compromised the personal data of users associated with phone numbers linked to their accounts. This security issue, identified by Check Point Research, raised significant concerns regarding possible data harvesting for malicious purposes. The vulnerability targeted users who…
