Fears of software supply chain attacks escalated again this week with a new warning from Microsoft that it has caught Iranian threat actors breaking into IT services shops in India and Israel and using that access to hit the real targets. Two of Redmond’s premier threat hunting units — the Microsoft Threat Intelligence Center (MSTIC) ..
Tag : NEWS&INDUSTRY
Microsoft says it has observed an increase in the use of HTML smuggling in malicious attacks distributing remote access Trojans (RATs), banking malware, and other malicious payloads. HTML smuggling leverages HTML5/JavaScript for the download of files onto a victim machine, which in the case of these attacks is an encoded malicious script designed to assemble ..
Web security services provider Cloudflare says it mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). The multi-vector assault was launched by a botnet of approximately 15,000 machines infected with a variant of the original Mirai malware. The bots included Internet of Things (IoT) devices and GitLab instances, Cloudflare ..
Costco, one of the world’s largest retailers, has warned customers that they may have had bank card details stolen, following reports that payment card skimming devices were discovered at Costco warehouses. “If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your ..
Eight cybersecurity-related acquisitions were announced in the second week of November 2021 (November 8-14). Cegeka acquires SecurIT: IT company Cegeka has acquired SecurIT, which specializes in identity and access management (IAM). Both companies are based in the Netherlands, but SecurIT is also active in North America. The acquisition enables Cegeka to expand its cybersecurity capabilities. ..
Security researchers with Positive Technologies have published information on a couple of vulnerabilities in Diebold Nixdorf ATMs that could have allowed an attacker to replace the firmware on the system and withdraw cash. Tracked as CVE-2018-9099 and CVE-2018-9100, the flaws were identified in the CMD-V5 and RM3/CRS dispensers – one in each device – ..
Researchers Warn DDS Protocol Can Be Abused for Lateral Movement and Malware C&C
Researchers have shown that a widely used protocol named Data Distribution Service (DDS) is affected by vulnerabilities that could be exploited by threat actors for various purposes. Maintained by the standards development organization Object Management Group (OMG), DDS is a middleware protocol ..
Network detection and response (NDR) solutions provider Netography has raised $45 million in Series A funding, which brings the total raised by the company to $47.6 million. The new investment round was led by Bessemer Venture Partners and SYN Ventures. Existing investors Andreessen Horowitz, Harpoon Ventures, Mango Capital, and Wing Venture Capital also contributed. The ..
Thousands of fake emails coming from an FBI email address were sent out on Friday by someone who exploited a vulnerability in a law enforcement portal. The FBI has confirmed the breach, but said the impact was limited. Threat intelligence organization Spamhaus reported seeing more than 100,000 fake emails being sent out in two waves. The ..
Chipmakers Intel and AMD this week released patches for multiple security vulnerabilities in a wide range of product lines, including fixes for a series of high-risk issues in software drivers. AMD published three bulletins this week documenting at least 27 security problems in the AMD Graphics Driver for Windows 10. Exploitation of these flaws could ..

