A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). “This campaign relies […]
Cyber News
Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. “The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage,” IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat […]
Cyber News
Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity […]
Cyber News
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right […]
Cyber News
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful,” Akamai said in an advisory published this […]
Cyber NewsWhy You Shouldn’t Ignore SEC Compliance Financial markets can be likened to a vast and intricate dance, with many participants moving to the beat of various regulations and guidelines. At the center of this rhythm in the United States is the Securities and Exchange Commission (SEC). Founded after the stock market crash of 1929, the […]
SEC ComplianceSimplify Your NIST-Based Risk Assessments In an era where information and data have become the lifeblood of businesses and organizations, the importance of safeguarding this invaluable resource cannot be overstated. Cybersecurity threats lurk in the shadows, waiting to exploit vulnerabilities and wreak havoc. To protect against these threats, it’s crucial to have a systematic approach […]
NIST-Based Risk Assessment
A hacking gang has been accused of impersonating South Korean officials and journalists in a plot to steal cryptocurrency for the North Korean regime. According to local media reports, South Korea’s police agency has confirmed that between March and October 2023 a total of 1,468 people fell victim to the campaign which attempted to install […]
Cyber NewsSimplify Your M&A Technology Due Diligence In the fast-paced world of mergers and acquisitions (M&A), technology plays a pivotal role. The integration of new technologies can drive efficiency, enhance competitiveness, and open new revenue streams. However, navigating the complex landscape of technology due diligence during an M&A can be a daunting task. In this article, […]
M&A IT Due Diligence