A recent phishing campaign has come to light, actively distributing remote access trojans (RATs) dubbed VCURMS and STRRAT through a malicious Java-based downloader. This attempt highlights a troubling trend in cybercrime, where attackers strategically utilize accessible cloud platforms, such as Amazon Web Services and GitHub, to host malicious content while…
Nokia Confirms Data Breach Linked to Third-Party Vendor Nokia has publicly acknowledged a data breach involving a third-party vendor, reinforcing that its internal systems remain secure and unaffected by the incident. Following an extensive investigation, the telecommunications company clarified that although a breach occurred, its own data and systems were…
Multiple serious security vulnerabilities have been uncovered in Judge0, an open-source online code execution platform, posing significant risks for its users. These flaws potentially allow malicious actors to escape the established sandbox environment and execute code with root privileges on the host system, according to a report by the Australian…
Increasingly sophisticated phishing-as-a-service (PhaaS) toolkits, particularly one known as EvilProxy, are being employed by threat actors to execute account takeover attacks targeting senior executives within major corporations. This trend underscores a growing vulnerability among high-ranking officials in the corporate landscape, particularly as the proliferation of remote work and digital transactions…
Artificial Intelligence & Machine Learning, Governance & Risk Management, Government Also: Potential Changes in Government Policy; AI-Driven Zero-Day Discoveries Anna Delaney (annamadeline) • November 8, 2024 Clockwise, from top left: Anna Delaney, Tony Morbin, Marianne Kolbasuk McGee, and Mathew Schwartz In the latest weekly update, the ISMG editorial team explored…
A 34-year-old Russian-Canadian national has received nearly four years in prison in Canada due to his involvement in the LockBit global ransomware scheme. Mikhail Vasiliev, an Ontario resident, was initially arrested in November 2022 and subsequently charged by the U.S. Department of Justice (DoJ) for conspiring to intentionally damage protected…
Eagle Bank, a Maryland-based financial institution, has issued a warning to its customers regarding a possible security breach implicating Mastercard account data. The bank reported that it received a notification from Mastercard indicating that unauthorized access to sensitive account information may have occurred due to vulnerabilities at an unnamed merchant…
Understanding Operational Technology and Its Cybersecurity Challenges Operational Technology (OT) encompasses the hardware and software that manage, monitor, and control physical devices, processes, and events within an enterprise. Unlike traditional Information Technology (IT) systems, OT operates directly within the physical realm, making it essential to address cybersecurity in a manner…
Emergence of XWorm Malware Utilizing Rust-Based Injector Recent analyses reveal the rise of XWorm, a commodity malware deployed by malicious actors employing a legitimate Rust-based tool known as Freeze[.]rs. This significant development in cybercrime was flagged by Fortinet FortiGuard Labs on July 13, 2023, marking a novel attack strategy using…
