Tag Kaspersky

Third Vulnerability Discovered in MOVEit Transfer App During Cl0p Ransomware Attack Wave

New Cybersecurity Vulnerability Discovered in MOVEit Transfer Application

Progress Software announced on Thursday that a newly identified security vulnerability, tracked as CVE-2023-35708, affects its MOVEit Transfer application. This revelation comes amidst ongoing cyber extortion efforts by the Cl0p ransomware group, targeting various companies utilizing this application. The vulnerability presents an…

Urgent Update: Apple Issues Patches for Actively Exploited Vulnerabilities in iOS, macOS, and Safari

On Wednesday, Apple announced a comprehensive series of updates for its iOS, iPadOS, macOS, watchOS, and Safari browser, addressing vulnerabilities that were stated to be actively exploited in the wild. Among these updates are two critical zero-day flaws involved in a mobile surveillance effort dubbed Operation Triangulation, which has been…

North Korean Hacker Group Andariel Launches New EarlyRat Malware Attack

A new report has unveiled a previously undocumented malware variant, named EarlyRat, which has been utilized by the North Korean-aligned threat actor known as Andariel in targeted phishing campaigns. This addition enhances Andariel’s already diverse toolkit, marking a notable shift in their operational capabilities. Kaspersky’s latest findings reveal that Andariel…

Critical Zero-Day Vulnerabilities in Atera Windows Installers Put Users at Risk of Privilege Escalation Attacks

Recent findings from cybersecurity firm Mandiant reveal significant zero-day vulnerabilities in Windows Installers associated with Atera’s remote monitoring and management software. These vulnerabilities could potentially be exploited to initiate privilege escalation attacks against affected systems. Identified on February 28, 2023, these vulnerabilities have been allocated the identifiers CVE-2023-26077 and CVE-2023-26078.…

Here’s the List of Approximately 600 MAC Addresses Compromised in the Recent ASUS Hack

Recent developments reveal a significant cyber breach affecting ASUS customers, attributed to a sophisticated supply chain attack. Kaspersky, a Russian cybersecurity company, disclosed parts of this incident last week, though it withheld the complete list of hardcoded MAC addresses embedded in the malicious code targeting specific users. In lieu of…

Konni Group Employs Russian-Language Malicious Word Documents in Recent Attacks

A recent phishing campaign has surfaced, utilizing a Russian-language Microsoft Word document as a vehicle for deploying malware designed to extract sensitive data from compromised Windows systems. This attack has been linked to a threat actor known as Konni, which exhibits connections to the North Korean cyber espionage group identified…

Meet the NSA Employee Who Stored Classified Documents at Home

A former contractor for the U.S. National Security Agency (NSA), Nghia Hoang Pho, has pleaded guilty to unlawfully taking classified documents home, which were subsequently compromised by Russian hackers. This incident has reignited concerns over data security within sensitive government operations. According to a statement from the U.S. Justice Department,…

New USB-C Espionage Tool Steals Data from Air-Gapped Computers

New Malware Threat Targets Air-Gapped Systems in Southeast Asia

Recent research from Kaspersky has unveiled that a sophisticated Chinese threat actor, identified as Cycldek, has enhanced its capabilities to attack air-gapped systems with the intent of exfiltrating sensitive information for espionage purposes. Cycldek, also known as Goblin Panda or Conimes,…

4 Threatening Brazilian Banking Trojans Targeting Users Globally

Recent investigations by cybersecurity experts have unveiled the presence of four distinct Brazilian banking trojan families that have launched sophisticated attacks against financial institutions in Brazil, other parts of Latin America, and Europe. Collectively identified as “Tetrade” by researchers at Kaspersky, these malware families—Guildma, Javali, Melcoz, and Grandoreiro—have significantly enhanced…
